03506549ff41d1e84bbaec097ede9c53e91c4c5076371ac1a6b37aa1888f84dc

General

Target

03506549ff41d1e84bbaec097ede9c53e91c4c5076371ac1a6b37aa1888f84dc
Size

2.0MB
MD5

02342608890b4d7f115e1f84383f5f7f
SHA1

00ef73cde77cd858c692a5a4448fd83793db444d
SHA256

03506549ff41d1e84bbaec097ede9c53e91c4c5076371ac1a6b37aa1888f84dc
SHA512

517a4dcbeae0a62230ead0f049d6caa45c288972d8bd7dc5f3a5d25b80c13fda069912cd1e0d4d69ebffdf09eff72d995449f8fad866a2e67d95220298f96e74
SSDEEP

49152:l6NagzBRPbH5HQuDkWylxuqI2derqzBnaIaQFwU3yVw6:lcPbHquDkrx1JSq9RNFw0S

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
03506549ff41d1e84bbaec097ede9c53e91c4c5076371ac1a6b37aa1888f84dc
unpack001/out.upx

Files

03506549ff41d1e84bbaec097ede9c53e91c4c5076371ac1a6b37aa1888f84dc
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

API_��ר�濨��
CloseSetWindows
Enable
EventDeviceCallback
EventFrieneVerify
EventGroupChat
EventGroupChatSendMsg
EventGroupEstablish
EventGroupMemberAdd
EventGroupMemberDecrease
EventGroupNameChange
EventGroupRevokeMsg
EventInvitedInGroup
EventPrivateChat
EventQRcodePayment
GetOlineUserTotal
Information
Initialization
Login
SdkVersion
SetTkVersionCard
Settings
Start
StopUsing
Uninstall
��_ȡ��汾��
��_ȡ��汾��_��
��_ȡ��
��_ȡ��ƥ��汾��
��_�߳�ȫ��ر�
��_�߳�ע��
��SOP��_ˢ��
��_ȡ��״̬_��վ
��_ȡ��״̬_�Ƿ񸶷�_��Ƴ��
��ŵ�_��
ˢ��_��ʱ��б�
ˢ��_��ŵ�_�ŵ��Ⱥӳ��
ˢ��_��ŵ��

Sections

UPX0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 4.1MB

UPX1 Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 9KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 180KB - Virtual size: 522KB

.rsrc Size: 36KB - Virtual size: 33KB

.reloc Size: 188KB - Virtual size: 186KB

UPX0
Size: - Virtual size: 4.1MB

UPX1
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 180KB - Virtual size: 522KB

.rsrc
Size: 36KB - Virtual size: 33KB

.reloc
Size: 188KB - Virtual size: 186KB