9b4964a475a7a83b229b13462dbc3c77

General

Target

9b4964a475a7a83b229b13462dbc3c77
Size

36KB
MD5

9b4964a475a7a83b229b13462dbc3c77
SHA1

bd1413836a119f682d8d7519deecd0e9c5c0025f
SHA256

27e613ce0f51aafc0667e1d2678bcbad971ea1c71261cce485825cf4127066c2
SHA512

7038d597306ba15b3e1f71e9c0c0e85d72a224b673806ed52aa1ddbe2a90bc827c854c29aa0308b3b63a0375f798d1ac68c279543ed95496928877614354a38d
SSDEEP

768:4bPbl7DgYiOwoAWnTeksApw2lbQ/yDfQjMg/5:4PlAewZWTp1QWBg/5

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
9b4964a475a7a83b229b13462dbc3c77
unpack001/out.upx

Files

9b4964a475a7a83b229b13462dbc3c77
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Arecv
Asend
EnumProtocolsA
EnumProtocolsW
GetAddressByNameA
GetAddressByNameW
GetNameByTypeA
GetNameByTypeW
GetServiceA
GetServiceW
GetTypeByNameA
GetTypeByNameW
NPLoadNameSpaces
SetServiceA
SetServiceW
TransmitFile
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncSelect
WSACancelAsyncRequest
WSACancelBlockingCall
WSACleanup
WSAGetLastError
WSAIsBlocking
WSARecvEx
WSASetBlockingHook
WSASetLastError
WSAStartup
WSAUnhookBlockingHook
WSHEnumProtocols
WsControl
__WSAFDIsSet
accept
bind
closesocket
closesockinfo
connect
dn_expand
gethostbyaddr
gethostbyname
gethostname
getnetbyname
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_network
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
rcmd
recv
recvfrom
rexec
rresvport
s_perror
select
send
sendto
sethostname
setsockopt
shutdown
socket

Sections

UPX0
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 72KB

UPX1 Size: 28KB - Virtual size: 28KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 920B

.reloc Size: 8KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 72KB

UPX1
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 8KB - Virtual size: 5KB