SecuriteInfo[.]com[.]W32[.]Agent[.]CE13[.]tr[.]6020[.]6908 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.W32.Agent.CE13.tr.6020.6908
Size

2.3MB
MD5

392f66b1fee991a95f46cddf9d7ca1a4
SHA1

37a8622c10527434714ebbf9faff11a45f56e55a
SHA256

d1545905cae912f68e9c7cbee610aebee6dbf8e8663c7fa71e95a92040aff424
SHA512

002e3f61dfaca12d55bfa83995617ee08d56932355f4f9ddfe5a805db732ce3c7c34aaa0b8d28281cab64a8a6c7cf6151af2e8ae7dd3cac807bd0bb9e558150c
SSDEEP

49152:VrhAyGWv4uA8+s8KuqGaX0ToIBAUZLY0cVofdvM:jG0+JBAUZLyo2

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.W32.Agent.CE13.tr.6020.6908

Files

SecuriteInfo.com.W32.Agent.CE13.tr.6020.6908
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE