02ecb2c0ea6ee2b6a500cb5f80ee9b71

General

Target

02ecb2c0ea6ee2b6a500cb5f80ee9b71
Size

19KB
MD5

02ecb2c0ea6ee2b6a500cb5f80ee9b71
SHA1

bbccc1265f472cd1ea52835443aa8f91d819ee0d
SHA256

d482f3dff862e60991c4b079d57056f892a54a929c436a8d9c1d21f07b819050
SHA512

bdf899aa50f73d87d5590996db946b309bbedb249104249c390dfbe2480eef08558b94973b8fcec7310fcda68bf43455f6fea81db16f9bae62f2702d270c0f86
SSDEEP

384:qrVtFEgNwPCFhJJA8LUieas7CZT3NEwzxtXN/ZTCfD05WSUlNi7:qbFEgNtj47as7M3NxzHXN/Zu47Ue7

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
02ecb2c0ea6ee2b6a500cb5f80ee9b71
unpack001/out.upx

Files

02ecb2c0ea6ee2b6a500cb5f80ee9b71
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

HidD_FlushQueue
HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetConfiguration
HidD_GetFeature
HidD_GetHidGuid
HidD_GetIndexedString
HidD_GetInputReport
HidD_GetManufacturerString
HidD_GetMsGenreDescriptor
HidD_GetNumInputBuffers
HidD_GetPhysicalDescriptor
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidD_Hello
HidD_SetConfiguration
HidD_SetFeature
HidD_SetNumInputBuffers
HidD_SetOutputReport
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetData
HidP_GetExtendedAttributes
HidP_GetLinkCollectionNodes
HidP_GetScaledUsageValue
HidP_GetSpecificButtonCaps
HidP_GetSpecificValueCaps
HidP_GetUsageValue
HidP_GetUsageValueArray
HidP_GetUsages
HidP_GetUsagesEx
HidP_GetValueCaps
HidP_InitializeReportForID
HidP_MaxDataListLength
HidP_MaxUsageListLength
HidP_SetData
HidP_SetScaledUsageValue
HidP_SetUsageValue
HidP_SetUsageValueArray
HidP_SetUsages
HidP_TranslateUsagesToI8042ScanCodes
HidP_UnsetUsages
HidP_UsageListDifference
HidservInstaller

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 40KB

UPX1 Size: 13KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 13KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB