17d893d6c00210e2ef21dfa3060723d5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17d893d6c00210e2ef21dfa3060723d5
Size

50KB
MD5

17d893d6c00210e2ef21dfa3060723d5
SHA1

df72000df91d7e77f18d4c5820442bc3937d897d
SHA256

0aa94c76ee79df91d95705e3b381e161de8775980c5b27d3c868a92747b63140
SHA512

e233f90ceb3ff9dd182a1b063472063722d0eab7fc7cacc9796d4bad5e6780fe2f016cad39460f1afea331568537dbdbc8be367866d8ca520f9f4a87522a3153
SSDEEP

768:cbmwvV4l3LHGv+EQjdUB6y+6OsfhOJvnnx3Hxf6ZR3zhcBC63FSnbcuyD7U:JcV4lbHN5o+63OJvnx31Kc13FSnouy8

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17d893d6c00210e2ef21dfa3060723d5

Files

17d893d6c00210e2ef21dfa3060723d5
.dll regsvr32 windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CAH0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CAH1
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE