bdeb127ffc8ccb29eff6768d584b7e192c76fba3fe52113bbae2ec3195197a9f | Triage

Sharing

General

Target

bdeb127ffc8ccb29eff6768d584b7e192c76fba3fe52113bbae2ec3195197a9f
Size

389KB
MD5

2df832e8461c8e3e4dd28a9339ccbaf7
SHA1

9f5a2a1a37fe523d390bb306b90ba34a5cb01e8e
SHA256

bdeb127ffc8ccb29eff6768d584b7e192c76fba3fe52113bbae2ec3195197a9f
SHA512

16d4216ec0eb8cf05776e855c743e15d05f49b34e2c8f8dd35eeb78038401474b32b63e55dc22a2cf637f01ec2752282f06db28881f3f38884962d51ad63352a
SSDEEP

6144:+d4oy98LzlwgCSyWfZQqlODl8yNYuoe3zJlT1dhC4be9rj+vdZvV5c78xf4DKr5:Doy98LqlSy268TozHT1a4TPr+s5

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bdeb127ffc8ccb29eff6768d584b7e192c76fba3fe52113bbae2ec3195197a9f
unpack001/out.upx

Files

bdeb127ffc8ccb29eff6768d584b7e192c76fba3fe52113bbae2ec3195197a9f
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Login
Md5
get_49ck
get_code
get_gamekey
get_list
get_ranging
get_uid
save

Sections

UPX0
Size: - Virtual size: 844KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 380KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 656KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ