1c63ed8eb3dc6e34c0372ce64e350ac2

Sharing

Copy URL Twitter E-mail

General

Target

1c63ed8eb3dc6e34c0372ce64e350ac2
Size

912KB
MD5

1c63ed8eb3dc6e34c0372ce64e350ac2
SHA1

8f14d1bafda0600274fbd4f3775f484e85dbe009
SHA256

d27a53ad4c10d6a918dc13e6768591a4f16dc04052da907ee99bc4e24bcc428f
SHA512

53b79980b98c37bc22408b5bf18f3eab5c15b7c21de803f91d28bf0fd97ceb54690f38f461a24fd4e4e56be07ed4acd67d65349c33f7a9974d80ff576f664a07
SSDEEP

24576:elUOUJuA7x7aBWBqMKcjAzpt0jpdkdNSS89:6UOSuA7x7a+Faypd1S6

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

1c63ed8eb3dc6e34c0372ce64e350ac2
.dll windows:5 windows x86 arch:x86

Code Sign

4a:f7:4d:10:ce:1d:a1:7e:c9:80:9e:67:d8:1c:37:56:14:a1:f0:ff
Certificate

Issuer

CN=PROGUARD,OU=PROGUARD,O=PROGUARD,L=macaé,ST=Rio de janeiro,C=BR,1.2.840.113549.1.9.1=#0c1150524f4755415244404c4956452e434f4d

Not Before

26/02/2021, 18:38

Not After

26/02/2022, 18:38

Subject

CN=PROGUARD,OU=PROGUARD,O=PROGUARD,L=macaé,ST=Rio de janeiro,C=BR,1.2.840.113549.1.9.1=#0c1150524f4755415244404c4956452e434f4d

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:23:86:5f:17:99:2d:1d:a5:5a:2a:30:85:41:66:77:cc:a8:c1:60:7b:31:ee:65:e9:32:ea:75:01:56:d0:e5
Signer

Actual PE Digest

29:23:86:5f:17:99:2d:1d:a5:5a:2a:30:85:41:66:77:cc:a8:c1:60:7b:31:ee:65:e9:32:ea:75:01:56:d0:e5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
mukax

Sections

UPX0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 898KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 165B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

4a:f7:4d:10:ce:1d:a1:7e:c9:80:9e:67:d8:1c:37:56:14:a1:f0:ffCertificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

29:23:86:5f:17:99:2d:1d:a5:5a:2a:30:85:41:66:77:cc:a8:c1:60:7b:31:ee:65:e9:32:ea:75:01:56:d0:e5Signer

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 2.3MB

UPX1 Size: 898KB - Virtual size: 900KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.itext Size: 9KB - Virtual size: 8KB

.data Size: 114KB - Virtual size: 113KB

.bss Size: - Virtual size: 26KB

.idata Size: 14KB - Virtual size: 14KB

.didata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 165B

.rdata Size: 512B - Virtual size: 68B

.reloc Size: 236KB - Virtual size: 236KB

.rsrc Size: 115KB - Virtual size: 115KB

4a:f7:4d:10:ce:1d:a1:7e:c9:80:9e:67:d8:1c:37:56:14:a1:f0:ff
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

29:23:86:5f:17:99:2d:1d:a5:5a:2a:30:85:41:66:77:cc:a8:c1:60:7b:31:ee:65:e9:32:ea:75:01:56:d0:e5
Signer

UPX0
Size: - Virtual size: 2.3MB

UPX1
Size: 898KB - Virtual size: 900KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.itext
Size: 9KB - Virtual size: 8KB

.data
Size: 114KB - Virtual size: 113KB

.bss
Size: - Virtual size: 26KB

.idata
Size: 14KB - Virtual size: 14KB

.didata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 165B

.rdata
Size: 512B - Virtual size: 68B

.reloc
Size: 236KB - Virtual size: 236KB

.rsrc
Size: 115KB - Virtual size: 115KB