DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Behavioral task
behavioral1
Sample
74f4c2170e8c2f896b700fdc39b8376f.dll
Resource
win7-20231215-en
Target
74f4c2170e8c2f896b700fdc39b8376f
Size
43KB
MD5
74f4c2170e8c2f896b700fdc39b8376f
SHA1
766ba071e05bba99fba184fb8a35db1c1c745b57
SHA256
509e9420182a36be0bbf43d94aca10f2e4f5e19b891999ee6e873b1fa5354f1d
SHA512
0b9f3d7c4c0b8924b867dc6d4423466d2edd4f52d83a56274ec66cb3c0bf4b4e12db9f1a1458141b4356897ba5e886c5a3c98a77706c9ff82971e13c6b675890
SSDEEP
768:aVP8mEUaztn7LgyfT+zvUfP4aX35A+D6fyo5oKcLCDDnW6cN19da:aORPRTkKPf3d6d5ALCDDWHn
Detects file using ACProtect software.
Processes:
resource | yara_rule |
---|---|
sample | acprotect |
Processes:
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
Processes:
resource |
---|
74f4c2170e8c2f896b700fdc39b8376f |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ