SecuriteInfo[.]com[.]W32[.]Agent[.]CE13[.]tr[.]5987[.]24169 | Triage

Sharing

General

Target

SecuriteInfo.com.W32.Agent.CE13.tr.5987.24169
Size

294KB
MD5

541b39d150bc30ec2f75f5bed5cff31c
SHA1

1bf9402d9f7fef4bc32730423c0bd665a7f8df9a
SHA256

5315086f8e3426cd6aec284b2876e37a1816d288a12e3ed916358c1e3a5bf8bc
SHA512

e77fe1632130c85dfbfd319586c5b5e5fd3fa6f89fca8926cde47fc9c2120a42c195d6d75e3b013dc9280149b9dbb08fab203747cc9ab7fc26760cb7d38679f2
SSDEEP

6144:+RR5rhZFQGrsUwF7vlPoSfgWBa07g8rW543KNcGu6g:+R5nWFpPoSl4G3quD

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.W32.Agent.CE13.tr.5987.24169

Files

SecuriteInfo.com.W32.Agent.CE13.tr.5987.24169
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE