120c35367100310560e878a1051dbe5a72266ae6f9ffad6c70b8b0480bfbd7e4[.]bin[.]sample[.]gz

Sharing

Copy URL Twitter E-mail

General

Target

120c35367100310560e878a1051dbe5a72266ae6f9ffad6c70b8b0480bfbd7e4.bin.sample.gz
Size

175KB
MD5

8f8b8d386695f493b39e6ed7c780bcf5
SHA1

3a41fb44c1a76ddd626cca720c74d75a61722383
SHA256

b2a13c94f12f3a45b58b3e2db6a0cdb9ab4ab5dd8243354be7de7ec505b53efc
SHA512

6798afb1ebad58c14e10c14872bb2721a8515311c9b08a02bc491ce56587712a25944cc83773f986e7f68b227c081f178d71421ed6ccee7b75b2721f794d2666
SSDEEP

3072:o81hniJyJEXMP2VFXGJtMlDrLqaAVugFCuyxQx++9Jqaty:xhiJQEXq2DAiLK8gF9yxQx+kJqQy

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sample

Files

120c35367100310560e878a1051dbe5a72266ae6f9ffad6c70b8b0480bfbd7e4.bin.sample.gz
.gz
sample
.dll windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

LibMain
THINBASIC_PARSESTRING
_thinBasic_AddEquate
_thinBasic_CheckCloseParens
_thinBasic_CheckComma
_thinBasic_CheckOpenParens
_thinBasic_LoadSymbol
_thinBasic_ParseDWord
_thinBasic_ParseDouble
_thinBasic_ParsePtr
_thinBasic_ParseString
_thinBasic_ParseVariant
_thinBasic_RunTimeError
thinBasic_AddEquate
thinBasic_AddIncludePath
thinBasic_AddUdt
thinBasic_AddVariable
thinBasic_ArrayGetElements
thinBasic_ArrayGetInfo
thinBasic_ArrayGetPtr
thinBasic_ChangeVariableNumber
thinBasic_ChangeVariableNumberDirect
thinBasic_ChangeVariableString
thinBasic_ChangeVariableStringDirect
thinBasic_ChangeVariableUDTDirect
thinBasic_CheckCloseParens
thinBasic_CheckCloseParens_Mandatory
thinBasic_CheckCloseParens_Optional
thinBasic_CheckComma
thinBasic_CheckComma_Mandatory
thinBasic_CheckComma_Optional
thinBasic_CheckDiv_Optional
thinBasic_CheckEOL_Optional
thinBasic_CheckEqualType_Mandatory
thinBasic_CheckEqual_Mandatory
thinBasic_CheckEqual_Optional
thinBasic_CheckMinus_Optional
thinBasic_CheckMult_Optional
thinBasic_CheckOpenParens
thinBasic_CheckOpenParens_Mandatory
thinBasic_CheckOpenParens_Optional
thinBasic_CheckPlus_Optional
thinBasic_CheckPoint
thinBasic_CheckPoint_Mandatory
thinBasic_CheckPoint_Optional
thinBasic_CheckSemicolon_Mandatory
thinBasic_CheckSemicolon_Optional
thinBasic_Class_Add
thinBasic_Class_AddMethod
thinBasic_Class_AddProperty
thinBasic_DeclareFunction
thinBasic_DetermineType
thinBasic_DirectPtrToDataPtr
thinBasic_Equal
thinBasic_ErrorFlag
thinBasic_ErrorFree
thinBasic_ErrorUserConfirmed
thinBasic_FunctionCall_ByPtr
thinBasic_FunctionExists
thinBasic_FunctionGetCBParam
thinBasic_FunctionGetName
thinBasic_FunctionGetNumberOfParams
thinBasic_FunctionGetPtr
thinBasic_FunctionGetReturnMainType
thinBasic_FunctionIsCallBack
thinBasic_FunctionParseAndGetPtr
thinBasic_FunctionSimpleCall
thinBasic_FunctionSimpleCall_ByPtr
thinBasic_GetControllingLevels
thinBasic_GetKeywordSpeficic
thinBasic_GetKeywordSpeficic_Single
thinBasic_GetLastError
thinBasic_GetRunTimeInfo
thinBasic_GetToken
thinBasic_GetTokenID
thinBasic_GetTokenName
thinBasic_GetUnknownToken
thinBasic_GetVariableNumberDirect
thinBasic_ITrace_GetValue
thinBasic_ITrace_InstallHandle
thinBasic_Init
thinBasic_Init_Isolated
thinBasic_IsBundled
thinBasic_IsIsolated
thinBasic_IsolationPath
thinBasic_LoadSymbol
thinBasic_LoadSymbolEX
thinBasic_LoadSymbol_Delphi
thinBasic_LoadSymbol_FB
thinBasic_Parse1Number
thinBasic_Parse1Number1String
thinBasic_Parse1Number2Strings
thinBasic_Parse1String
thinBasic_Parse1String2Numbers
thinBasic_Parse1StringXNumbers
thinBasic_Parse2Numbers
thinBasic_Parse2Numbers1String
thinBasic_Parse3Numbers
thinBasic_Parse3Numbers1String
thinBasic_Parse3String
thinBasic_Parse4Numbers
thinBasic_Parse5Numbers
thinBasic_Parse6Numbers
thinBasic_Parse7Numbers
thinBasic_ParseClass
thinBasic_ParseDWord
thinBasic_ParseDouble
thinBasic_ParseLong
thinBasic_ParseLong_Optional
thinBasic_ParseNumber
thinBasic_ParsePtrToSomething
thinBasic_ParseStr
thinBasic_ParseString
thinBasic_ParseString_Delphi
thinBasic_ParseVariableInfo
thinBasic_ParseVariant
thinBasic_ParseWord
thinBasic_ParseXNumbers
thinBasic_ParseXNumbersExt
thinBasic_PutBack
thinBasic_Release
thinBasic_Run
thinBasic_RunTimeError
thinBasic_ScriptIsObfuscated
thinBasic_StackGetCurrent
thinBasic_StackGetList
thinBasic_TokenGetCurrentID
thinBasic_VariableExists
thinBasic_VariableGetInfo
thinBasic_VariableGetInfoEX
thinBasic_VariableGetInfoPtr
thinBasic_VariableGetList
thinBasic_VariableGetValueNum
thinBasic_VariableIsArray
thinBasic_VariableParse
thinBasic_VariableParseAndGetInfo
thinBasic_VariableParsePtr
thinBasic_VariablePtrToDirectPtr
thinBasic_VariableRedim

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 173KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 173KB - Virtual size: 176KB

.rsrc Size: 8KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 173KB - Virtual size: 176KB

.rsrc
Size: 8KB - Virtual size: 12KB