4a29c76006303b6f462922a0f96f00ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a29c76006303b6f462922a0f96f00ef
Size

50KB
MD5

4a29c76006303b6f462922a0f96f00ef
SHA1

35daf7cc59a465aaa5431ca4e84a1d8b7fad06b4
SHA256

c250bcc66761ff9bc1e36b4b671838aeda0e6823bfe4cc6336f8cb4eb509c327
SHA512

24b5a9daf91093bae64b8b63cc70b1d0298b565156e3aa2586a616c91361c5e0ec3f1f87e362c295565e4fd9f84f1cedf1040a196cb2fa0485b1a16d9769380b
SSDEEP

1536:6NPrT6sxgvsQpEVgcruXAi+ICaUnouy8r:WrT6sx0sbVBuf+ykout

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a29c76006303b6f462922a0f96f00ef

Files

4a29c76006303b6f462922a0f96f00ef
.dll regsvr32 windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

NIE0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

NIE1
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE