DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
General
-
Target
Arar by AMP Tecnología.rar
-
Size
621KB
-
MD5
44bc4f1745178d954142499bd31ec9a5
-
SHA1
fedc905e5d4784328daf97ad65b76c06a013b5bc
-
SHA256
f15ddd8bab9f57b5c42f540f1320e6c1442c5cef65ab25829776a5f4590917c9
-
SHA512
3a63f45b353e872042f1f520aa8c39d8d4b3ea7c3989a193fae27065c29d355185c056c6d3d3cbe1e629798c0c754ea9d4eda29a3318bd3987e80b67839df44a
-
SSDEEP
12288:lZzOO/t4UA6iqgdxms5m7d55hFfF+JVo4Z81NDwGdhxkZxA:HzOctkDNdxmsIBjD4Jm4cwGfxIxA
Score
7/10
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 2 IoCs
Detects file using ACProtect software.
resource yara_rule static1/unpack001/Arar by AMP Tecnología/ARAR.dll acprotect static1/unpack001/Arar by AMP Tecnología/ARARSHL.dll acprotect -
resource yara_rule static1/unpack001/Arar by AMP Tecnología/ARAR.dll upx static1/unpack001/Arar by AMP Tecnología/ARAR.exe upx static1/unpack001/Arar by AMP Tecnología/ARARSHL.dll upx -
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource unpack001/Arar by AMP Tecnología/ARAR.dll unpack001/Arar by AMP Tecnología/ARAR.exe unpack001/Arar by AMP Tecnología/ARARSHL.dll unpack004/out.upx unpack001/Arar by AMP Tecnología/UNWISE.EXE
Files
-
Arar by AMP Tecnología.rar.rar
-
Arar by AMP Tecnología/ARAR.cnt
-
Arar by AMP Tecnología/ARAR.dll.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
UPX0 Size: - Virtual size: 240KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 137KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Arar by AMP Tecnología/ARAR.exe.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 712KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 361KB - Virtual size: 364KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Arar by AMP Tecnología/ARAR.hlp
-
Arar by AMP Tecnología/ARARSHL.dll.dll regsvr32 windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
Sections
UPX0 Size: - Virtual size: 108KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 57KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 84KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Arar by AMP Tecnología/UNWISE.EXE.exe windows:4 windows x86 arch:x86
98a092509a857ae89ee89314ec0f5a4c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MoveFileExA
SetFileAttributesA
FindFirstFileA
RemoveDirectoryA
GetFileAttributesA
CreateProcessA
GetVersionExA
GetPrivateProfileStringA
GetLocalTime
CreateDirectoryA
GlobalAlloc
WritePrivateProfileStringA
WaitForSingleObject
FreeResource
SetErrorMode
lstrcatA
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
GlobalUnlock
GlobalFree
SizeofResource
_lcreat
_lwrite
_lclose
WinExec
OpenFile
lstrcpynA
FileTimeToLocalFileTime
MultiByteToWideChar
GetFileTime
_lread
FileTimeToDosDateTime
_llseek
_lopen
GetDriveTypeA
GetSystemDirectoryA
MulDiv
lstrcmpA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
lstrlenA
CopyFileA
GetTempPathA
GetTempFileNameA
LockResource
FindResourceA
LoadResource
GlobalLock
GetPrivateProfileIntA
DeleteFileA
FindNextFileA
FindClose
FreeEnvironmentStringsW
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
HeapDestroy
GetEnvironmentVariableA
ReadFile
SetFilePointer
WriteFile
GetStdHandle
SetHandleCount
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapFree
HeapAlloc
MoveFileA
CreateFileA
GetFileType
SetEndOfFile
CloseHandle
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetLastError
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
GetOEMCP
GetCPInfo
GetACP
user32
UpdateWindow
RegisterClassA
LoadBitmapA
ShowWindow
LoadIconA
SetTimer
PeekMessageA
TranslateMessage
DdeUninitialize
GetSystemMetrics
SetWindowTextA
GetMessageA
ExitWindowsEx
GetSysColor
LoadCursorA
SetCursor
EnableWindow
IsWindowVisible
CreateDialogParamA
IsDialogMessageA
wsprintfA
PostMessageA
MessageBoxA
CreateWindowExA
EndPaint
PostQuitMessage
GetClientRect
BeginPaint
ReleaseDC
InvalidateRect
GetDC
DefWindowProcA
MoveWindow
GetWindowRect
SetDlgItemTextA
EndDialog
GetDlgItemTextA
SetRect
ScreenToClient
GetDlgItem
GetWindowTextA
SendDlgItemMessageA
SetFocus
OemToCharA
CharNextA
GetDialogBaseUnits
FillRect
DrawIcon
LoadStringA
GetParent
EnumChildWindows
FindWindowA
SendMessageA
DdeCreateDataHandle
DdeInitializeA
DdeConnect
DdeClientTransaction
DdeGetData
DdeDisconnect
DestroyWindow
DispatchMessageA
DialogBoxParamA
KillTimer
DdeFreeDataHandle
DdeCreateStringHandleA
gdi32
GetStockObject
TextOutA
SetTextColor
GetTextExtentPointA
CreateFontA
GetDeviceCaps
SetBkMode
BitBlt
CreateCompatibleDC
DeleteDC
CreateSolidBrush
SelectObject
PatBlt
SelectPalette
ExtTextOutA
RealizePalette
MoveToEx
CreatePen
SetBkColor
CreateFontIndirectA
StretchBlt
LineTo
CreateDIBitmap
CreatePalette
CreateCompatibleBitmap
DeleteObject
GetObjectA
comdlg32
GetOpenFileNameA
advapi32
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
OpenSCManagerA
RegSetValueA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
RegDeleteValueA
RegEnumKeyA
RegOpenKeyA
DeleteService
ControlService
OpenServiceA
ole32
CoUninitialize
CoCreateInstance
CoInitialize
Exports
Exports
_ItemDlg@16
_MainWndProc@16
_PromptDlg@16
_SharedDlg@16
Sections
.text Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 74KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ