2994ddf0e2f65a057cbc2e7bd167accb

Sharing

Copy URL Twitter E-mail

General

Target

2994ddf0e2f65a057cbc2e7bd167accb
Size

169KB
MD5

2994ddf0e2f65a057cbc2e7bd167accb
SHA1

0f60144dbaaa55fda89fcc072ce355eca86c3655
SHA256

691eba15bf618a93bcc32ad1f8355ca62e245a196d4a4f772f53d1dcbe8374c5
SHA512

d43d0900c763dde65bfb1087fe4307b626c84e990bccc7622d8c74ac315b456a9215289301e64f428ed7c185c5aaa2356fcabbefd460658e197838d3bbfcfc06
SSDEEP

3072:XCgpBcyBrM9LLaciIgXeLAy+AufFC15d83mFevLx+CPSypWfyF8NYM:XbpqylGLutkAy+VFC983mAvV+AS6WfwY

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/bi0la.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/bi0la.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bi0la.dll
unpack002/out.upx
unpack001/bi0la.exe

Files

2994ddf0e2f65a057cbc2e7bd167accb
.zip
Keycodes.txt
_help.url
_read.txt
bi0la.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreateInterface

Sections

UPX0
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bi0la.exe
.exe windows:4 windows x86 arch:x86

7eaf752c5df657aa0493693ff8063215

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
Sleep
ExitProcess
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
lstrcmpA
Process32Next
Process32First
CloseHandle
CreateToolhelp32Snapshot
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
IsBadWritePtr
IsBadReadPtr
HeapValidate
TerminateProcess
GetCurrentProcess
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
LoadLibraryA
InterlockedIncrement
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetLastError
SetFilePointer
FlushFileBuffers
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
HeapReAlloc
VirtualAlloc
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
SetConsoleCtrlHandler
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
CreateFileA
ReadFile
GetACP
GetOEMCP
SetEndOfFile
GetLocaleInfoW
SetEnvironmentVariableA

Sections

.text
Size: 440KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bi0la.txt
colors.cfg
settings.ini

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 220KB

UPX1 Size: 51KB - Virtual size: 52KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 146KB

.reloc Size: 16KB - Virtual size: 14KB

7eaf752c5df657aa0493693ff8063215

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 440KB - Virtual size: 438KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 16KB - Virtual size: 22KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 16KB - Virtual size: 15KB

UPX0
Size: - Virtual size: 220KB

UPX1
Size: 51KB - Virtual size: 52KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 146KB

.reloc
Size: 16KB - Virtual size: 14KB

.text
Size: 440KB - Virtual size: 438KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 16KB - Virtual size: 22KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 16KB - Virtual size: 15KB