64a59106290083d5265ac810614b88916becbf8ef503634f7b7a0f3fc3f6f4fb | Triage

Sharing

General

Target

64a59106290083d5265ac810614b88916becbf8ef503634f7b7a0f3fc3f6f4fb
Size

627KB
MD5

a1d40c1fa79e8d75f8da2486041bb44b
SHA1

f8254be27ad5f50d4cfd7eb4ba4fd7d3502c7d0a
SHA256

64a59106290083d5265ac810614b88916becbf8ef503634f7b7a0f3fc3f6f4fb
SHA512

6dc37615904c25265a971490512cce04205245e0bef7f8c9be40fefdd6490ffc22a888f0772b34d633bc27bad5a9f54453fa78bd71010befa82bc1d7f8b63206
SSDEEP

12288:CnIVCcwUePFEKYWsQHwzKPmhq6RRwP0qXOJXSFVK5K9kZQY+2TjGr2K:CIVqtEKXsQHkKP0tnwPVXOJXSFVKw9/l

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
64a59106290083d5265ac810614b88916becbf8ef503634f7b7a0f3fc3f6f4fb
unpack001/out.upx

Files

64a59106290083d5265ac810614b88916becbf8ef503634f7b7a0f3fc3f6f4fb
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DeleteVideoDecoder
DeleteVideoEncoder
NewVideoDecoder
NewVideoEncoder

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 603KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ