b7bb08c4f34a419f7d23533222b592b9a5fd91da413df2dfc721eef9e43c988b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7bb08c4f34a419f7d23533222b592b9a5fd91da413df2dfc721eef9e43c988b
Size

6.4MB
MD5

2365810fefb6a1f282ae5a9dff15766b
SHA1

60cd92fe6164e4e29fd1be7cf29558c9559804ba
SHA256

b7bb08c4f34a419f7d23533222b592b9a5fd91da413df2dfc721eef9e43c988b
SHA512

e2d4442610780f83df1509540c06250b45507af8f0900d2f2db8354c9690d4245ee9a6059c4a4570e3472eab8678bb10b31875206f2645adec899922b6e078f8
SSDEEP

196608:ciqJX17iArpvf0LVihZcL5H1xggO6ZRW1KvofJxQjV:c8A16gwYVcRW6sUj

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b7bb08c4f34a419f7d23533222b592b9a5fd91da413df2dfc721eef9e43c988b
unpack001/out.upx

Files

b7bb08c4f34a419f7d23533222b592b9a5fd91da413df2dfc721eef9e43c988b
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GenericLogImpl
��
��_ȡ�Խ��ID
ǿ��ɾ��ļ�

Sections

UPX0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6.3MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 992KB - Virtual size: 989KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ