cfe53109c58cfb593cf8864dc9e5b50dfb269c7d986af7ff7c356a844a3036f9 | Triage

Sharing

General

Target

cfe53109c58cfb593cf8864dc9e5b50dfb269c7d986af7ff7c356a844a3036f9
Size

419KB
MD5

d644f4c6e336234d358cb4171cab4fab
SHA1

93def80398c6c69089d84225c253f323ca6d120e
SHA256

cfe53109c58cfb593cf8864dc9e5b50dfb269c7d986af7ff7c356a844a3036f9
SHA512

6c8ee543a1d29f88f17c4ea70592f25131122e1c4ca21aa48fab1982bb8766e04f77a5c797368ec7be5c7e30d1b05cd8dbc4671af7b0abcd488962dbb1c9659d
SSDEEP

12288:tG3Z4xjHybY0uLJRA/1R39DFSJud2aXjyQY:tGp6jHgG3aVBQudFfY

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs
Detects executables packed with ASPack v2.12-2.42
aspackv2

Processes:

resource yara_rule

sample aspack_v212_v242

Files

cfe53109c58cfb593cf8864dc9e5b50dfb269c7d986af7ff7c356a844a3036f9
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ForceLibrary
ForceLibraryDBG
ForceLibraryNow
PerformCleanup
RemoteExec
getPointer

Sections

.text
Size: 268KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 27KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE