27ab41058d350a54847d9fb3406b6b6f

Sharing

Copy URL Twitter E-mail

General

Target

27ab41058d350a54847d9fb3406b6b6f
Size

565KB
MD5

27ab41058d350a54847d9fb3406b6b6f
SHA1

aa2029b078cb06a69ce73e52549fc2b5fc7b8224
SHA256

93a7133eff97727b4cef4ad435eeaec4d003f2cb12c40c2ecb7132580af91ef5
SHA512

299ec8973e8f38a5722ce972371caa70087fdc8001876c6e85c6a948b8d1542ebeb38a0e9c553c1f4a54acb4912123a3b28469510027f6d67ca5394dc3a9ce0a
SSDEEP

12288:PjlE9mvWluo0P55WEj5hQAH+5qAvb4ixvO:PhE98Wsn55s5qWW

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27ab41058d350a54847d9fb3406b6b6f

Files

27ab41058d350a54847d9fb3406b6b6f
.dll regsvr32 windows:0 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 249KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 14KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaskPE
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vip
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

CODE Size: 249KB - Virtual size: 485KB

DATA Size: 14KB - Virtual size: 19KB

BSS Size: - Virtual size: 6KB

.idata Size: 12KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 110B

.reloc Size: 33KB - Virtual size: 32KB

.rsrc Size: 10KB - Virtual size: 28KB

.MaskPE Size: 10KB - Virtual size: 9KB

vip Size: 512B - Virtual size: 4KB

.perplex Size: 117KB - Virtual size: 117KB

CODE
Size: 249KB - Virtual size: 485KB

DATA
Size: 14KB - Virtual size: 19KB

BSS
Size: - Virtual size: 6KB

.idata
Size: 12KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 110B

.reloc
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 10KB - Virtual size: 28KB

.MaskPE
Size: 10KB - Virtual size: 9KB

vip
Size: 512B - Virtual size: 4KB

.perplex
Size: 117KB - Virtual size: 117KB