F1122
Powder
Severe
Snug
Behavioral task
behavioral1
Sample
3c2658c042d05cbb82a38b07eb929901.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
3c2658c042d05cbb82a38b07eb929901.dll
Resource
win10v2004-20231215-en
Target
3c2658c042d05cbb82a38b07eb929901
Size
176KB
MD5
3c2658c042d05cbb82a38b07eb929901
SHA1
e0cf3cb69d2a74f6bdac14d0ea16d24d87d7a499
SHA256
5fbe22f977ff6a33746652cf5ca143c05eb242a1e20d56a662ef572f1e58cade
SHA512
2390577006c398ccad12e09ed6b3a75d25d7ef7cab06283551ec1604f245884f2e8e0df475f652efd6a707b17613b4c16222436ea997fa09ffced6bc3c709acd
SSDEEP
3072:EfQ9DX7m6Cpp9FZTv6MPPrYZFLCD39dkLnfXZQjIkm9OdxUWLofLiHwhsjttoutl:Vj7i9LvhUFSn0Xsdm2sLkoS
Detects file using ACProtect software.
Processes:
resource | yara_rule |
---|---|
sample | acprotect |
Processes:
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
Processes:
resource |
---|
3c2658c042d05cbb82a38b07eb929901 |
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
F1122
Powder
Severe
Snug
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE