cba7a6b2b3f0f0005c3f0af84457099d | Triage

Sharing

General

Target

cba7a6b2b3f0f0005c3f0af84457099d
Size

210KB
MD5

cba7a6b2b3f0f0005c3f0af84457099d
SHA1

32e306a62bb0a7179ed498819b8d077e4640c027
SHA256

811dbd13d1f70d90adeddaa35bd51cf9a682873bb0f6218118f30ae9c8ae804d
SHA512

f9f1d53cc5d82d6600d333b339bb3fe11bc62bb2fa6a8a406fab059a2d0f103d3de8fb93d5ca646297986e8cbf96390ac393a84f1ac76609370c8d670847a9c3
SSDEEP

3072:0o1PmBqr1Zk2xGGhm2ahThx4352giC1Edri6nFi9eCm4tzT/exJQ1ANWwIeTfy:XRtEGh2X4JdZ1ER9Q24xefQuNMo

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cba7a6b2b3f0f0005c3f0af84457099d

Files

cba7a6b2b3f0f0005c3f0af84457099d
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

code
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE