ab4e0d3de869383d9d76fec48cd417c3409dcfc0e13d6c7438be5eb8d41d1689 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab4e0d3de869383d9d76fec48cd417c3409dcfc0e13d6c7438be5eb8d41d1689
Size

348KB
MD5

25fb88c4818506ed04f58515cf8d054a
SHA1

be305aea69feeedcb85820886d78838d58aa1cc6
SHA256

ab4e0d3de869383d9d76fec48cd417c3409dcfc0e13d6c7438be5eb8d41d1689
SHA512

769ff6ea685edf4afbb49989dd4eaf183009a517f9f5a5d42c205ac93902b7a4c922fdefaa163773f686277425d08f66aa7f0523a2a7a3c0b2135b3a2a826339
SSDEEP

6144:oGhQ4q5YZpvZbxjXQxc9zX3ER04bk2DUzhhLu4Ez5qwPp2bymnFoyJWJxbCx:oGhQ4qmlByc5X3EeYWhhfwtP4Omnay4e

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

ab4e0d3de869383d9d76fec48cd417c3409dcfc0e13d6c7438be5eb8d41d1689
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Add_Group
Online_QQ

Sections

UPX0
Size: - Virtual size: 680KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 339KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 596KB - Virtual size: 594KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ