20ec017c215b9db6f38d74c93fc53d82

Sharing

Copy URL

Twitter E-mail

General

Target

20ec017c215b9db6f38d74c93fc53d82
Size

292KB
MD5

20ec017c215b9db6f38d74c93fc53d82
SHA1

bd2bea7936361ac630f82f7f80152830320e660c
SHA256

7dfe530d1f8a25faabb10d603b0efed97f5a69a0e3cc7af7c700eca55002aa77
SHA512

e2ec9eeb77bc66f1d66b4a7d3a53d5492e1da9c0cd603edbc0e5df90094e8f88b6816bcb0117e2bac969397bdcc9d1f7d007ec442bec0a145df5a91491267aac
SSDEEP

6144:9L8UVmfTOCj/lcnDrjxGFElv7pS/nH2bCWFOvX6x1vYBioKOjIzsq:2XfTlcnDpGFivtUnHinOvKogOj+sq

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20ec017c215b9db6f38d74c93fc53d82

Files

20ec017c215b9db6f38d74c93fc53d82
.dll windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Exports

Exports

ServiceMain
ServiceMainManual

Sections

CODE
Size: 126KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 19KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 98B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaskPE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

CODE Size: 126KB - Virtual size: 261KB

DATA Size: 19KB - Virtual size: 34KB

BSS Size: - Virtual size: 13KB

.idata Size: 8KB - Virtual size: 7KB

.edata Size: 512B - Virtual size: 98B

.vmp0 Size: 15KB - Virtual size: 15KB

.rsrc Size: 5KB - Virtual size: 11KB

.MaskPE Size: 6KB - Virtual size: 5KB

.reloc Size: 16KB - Virtual size: 16KB

.perplex Size: 94KB - Virtual size: 94KB

CODE
Size: 126KB - Virtual size: 261KB

DATA
Size: 19KB - Virtual size: 34KB

BSS
Size: - Virtual size: 13KB

.idata
Size: 8KB - Virtual size: 7KB

.edata
Size: 512B - Virtual size: 98B

.vmp0
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 5KB - Virtual size: 11KB

.MaskPE
Size: 6KB - Virtual size: 5KB

.reloc
Size: 16KB - Virtual size: 16KB

.perplex
Size: 94KB - Virtual size: 94KB