SecuriteInfo[.]com[.]W32[.]Agent[.]NNJU-2136[.]17128[.]9578 | Triage

Sharing

General

Target

SecuriteInfo.com.W32.Agent.NNJU-2136.17128.9578
Size

599KB
MD5

99bcda24303b4fbe43f92c1d0a744ddc
SHA1

210198d016f3c0be754668f9b834ce7223ebc480
SHA256

bd700d29a293140025aab849bec3b4ecb2fa67574f7efd2ed1dfb19aee3286ea
SHA512

4cab33aee05be1f33e741d181a6829048375ad68c316600c37b1aa2e37a5f513591970456347c892674525a96cd0b27f56df7b4966a6b107746e58b04a6ae350
SSDEEP

6144:+RR5rhZFQGrsUwF7vlPoSHeCwKqzQlY4mMQvu:+R5nWFpPoS1zLJ

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.W32.Agent.NNJU-2136.17128.9578

Files

SecuriteInfo.com.W32.Agent.NNJU-2136.17128.9578
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE