64430b801203a9e459efde713624bd76 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64430b801203a9e459efde713624bd76
Size

86KB
MD5

64430b801203a9e459efde713624bd76
SHA1

283ee88b0172e79d786d2ae073b0194484c3d80e
SHA256

bca1eafe3c231c830fab01f2158558f598b88b66cd10122e85c1e5001a26d710
SHA512

23b92076628790acd2a2326680691e9e510c79293f3390f33b1af6c00163e9748f54bac5a27ad49f2c95bf189326aa8fe871bf2821821bcfbb5ca4f1ffb1d497
SSDEEP

1536:yWVrR/RgPkCLzHKXDqT2nE+fylUJv2y2L7yQx4+RPoRy7X5I9SDfh1QX:yCrR/RwkCLomExuq2L7y7+5o87X/

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
64430b801203a9e459efde713624bd76
unpack001/out.upx

Files

64430b801203a9e459efde713624bd76
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

load
update_load

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ