0073de463a0641808c9e6c5a08e4f222

General

Target

0073de463a0641808c9e6c5a08e4f222
Size

236KB
MD5

0073de463a0641808c9e6c5a08e4f222
SHA1

99f3956709c6f75f191e02876d311455258af878
SHA256

8d0824c5f74fc47720a1598f5e4ada19ccd851e7548e3b7ab66ef8c0a074afc5
SHA512

9a1a78ba4408da3c8b5221e80cedb455b762d3cfe62757563242e2c00b01a4709ae2211638e85692c42e8793a27e6396d888f5939e417e5b51858095f210808a
SSDEEP

6144:tLOHgsqDQsf+YdotO7HlX0FDnH7SXaRY7Hbohjyu1MjYnjOGyj:t/DYLtOJXYD7y7HUhe6ti

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.

Processes:

resource yara_rule

sample acprotect
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

resource	yara_rule
sample	acprotect

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
0073de463a0641808c9e6c5a08e4f222
unpack001/out.upx

Files

0073de463a0641808c9e6c5a08e4f222
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Global_
Message_
Struct_
Type_
Vars_

Sections

UPX0
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 503KB - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 135B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 416KB

UPX1 Size: 232KB - Virtual size: 232KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 503KB - Virtual size: 502KB

DATA Size: 29KB - Virtual size: 28KB

BSS Size: - Virtual size: 7KB

.idata Size: 9KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 135B

.reloc Size: 33KB - Virtual size: 32KB

.rsrc Size: 22KB - Virtual size: 22KB

UPX0
Size: - Virtual size: 416KB

UPX1
Size: 232KB - Virtual size: 232KB

.rsrc
Size: 3KB - Virtual size: 4KB

CODE
Size: 503KB - Virtual size: 502KB

DATA
Size: 29KB - Virtual size: 28KB

BSS
Size: - Virtual size: 7KB

.idata
Size: 9KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 135B

.reloc
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 22KB - Virtual size: 22KB