StartHook
StopHook
qn_ksHook
qn_tzHook
Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | b445404187094126920fe18d8766c100.dll | win7-20240221-en |
behavioral2 | b445404187094126920fe18d8766c100.dll | win10v2004-20240226-en |
Target: b445404187094126920fe18d8766c100
Size: 12KB
MD5: b445404187094126920fe18d8766c100
SHA1: 8c33786b8118de0a00baf74a6ccc4e1b2e080914
SHA256: e65324ea355fd709bc9359fe1aa039c70c4ee9bc6ca4550128f244189fe5e9ba
SHA512: 98721bcab7be099ab1b0f63728524b83db08971b6a2dbf94dc32a38d0bba016c7aaa64273d45e902ddb13c6703a1cf5374842a9238dd1eefdb093ff9398ef5ad
SSDEEP: 384:pqtsCXezbg4ZcVM3hy7Kc1IJ7iOdreUxHo8/7eq8yy:0sMe0Vihmx10xFVneqb
Detects file using ACProtect software.
resource | yara_rule |
---|---|
sample | acprotect |
resource | yara_rule |
---|---|
sample | upx |
Checks for missing Authenticode signature.
resource |
---|
b445404187094126920fe18d8766c100 |
unpack001/out.upx |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
StartHook
StopHook
qn_ksHook
qn_tzHook
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ