SecuriteInfo[.]com[.]W32[.]Agent[.]CE13[.]tr[.]1891[.]536 | Triage

Sharing

General

Target

SecuriteInfo.com.W32.Agent.CE13.tr.1891.536
Size

444KB
MD5

1e1809caf6bb2aff70e31f74c9c52223
SHA1

ecbd1120d5e89735f8dc461aed800c07427b972d
SHA256

efab8076d8066a46253dc76c117f35bbf569503891721471b2f3c132588d4e93
SHA512

1c272b19e29d2e19a0064c5f697e6c820faac29464becdc60b2f615c37175410b4205b6a42031d4992bdfb8e456f1a5bf96e9e0728fbdd512e42c90b486100e6
SSDEEP

6144:+RR5rhZFQGrsUwF7vlPoS9ThUVhoJuk0RThU:+R5nWFpPoSc0

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.W32.Agent.CE13.tr.1891.536

Files

SecuriteInfo.com.W32.Agent.CE13.tr.1891.536
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE