2409158750d635b6313f4759cd736f3c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2409158750d635b6313f4759cd736f3c
Size

64KB
MD5

2409158750d635b6313f4759cd736f3c
SHA1

c8ecd6e3546451226e034b656062764406a1ff3d
SHA256

83111555c5d6856a87a43eeef27bed3abc897e466dbe202bb182e41ce69c2e3b
SHA512

b1d62ea3f36ab0d7410e94e2999837ca495d9ad694f5b0cda31bc64029673447c194cc4fff955add19a2963dfc1e69043c9824065ebba3d83eb66e51441c4c21
SSDEEP

1536:fGBdeSFbfLrEDHWtBU0xz8/wY8aOItWyt/oW9YCL2:fGBdeSpfL77V3Y8aOItWyXhL

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
sample	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2409158750d635b6313f4759cd736f3c

Files

2409158750d635b6313f4759cd736f3c
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ForceLibrary
ForceLibraryDBG
ForceLibraryNow
PerformCleanup
RemoteExec
getPointer

Sections

.text
Size: 39KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE