4902e793ee0e181fdc835b249ba3240d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4902e793ee0e181fdc835b249ba3240d
Size

27KB
MD5

4902e793ee0e181fdc835b249ba3240d
SHA1

3b71ea85fd2aacac7342e7d72f2cbdd1520a32cb
SHA256

79f38e4bab199b04c948289a9005143b4b1c81bf8cd8ee851a76e75336e677d5
SHA512

74debd322572d76bc746132e231036c12c3f41177cc592d70a43236dcbfa7efb709ef7d7aa8b01c1ed8063eae47ae0cd118cd4c61f7580907791a4d127fb32ba
SSDEEP

384:CfK+HmMxTLptPZxnFKWmuwdroGax95bAX+jzyd6v035uzyZAH+:CfK+HDTLPZxnqa5oEfy4yZAe

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4902e793ee0e181fdc835b249ba3240d
unpack001/out.upx

Files

4902e793ee0e181fdc835b249ba3240d
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_GetFileName@16

Sections

UPX0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ