14dc8d13d6a9e2cf72a27d553c9798faf5e79b9e09148123dd36360bb2b88344

General

Target

14dc8d13d6a9e2cf72a27d553c9798faf5e79b9e09148123dd36360bb2b88344
Size

331KB
MD5

5ca0a8247a11ccb9ab9eff250c77912d
SHA1

011c0d06314dd5c1cee575222a79c66d799a2518
SHA256

14dc8d13d6a9e2cf72a27d553c9798faf5e79b9e09148123dd36360bb2b88344
SHA512

7c2a4f29c763334fae5efc3f8fbc73948e43c032f46c9769b9cddac3bb7aae659165f1323ac2da702d6bb91c7f43f283ee0179217e547d733b6cc705963d7a76
SSDEEP

6144:jo2wl/rES7QUIlbDkxeh/unT3vTe3cuGLmq0iOyDqmKIN5NgkhSwXU:826/rtWMxeh/uT3be60iOyGYFdXE

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
14dc8d13d6a9e2cf72a27d553c9798faf5e79b9e09148123dd36360bb2b88344
unpack001/out.upx

Files

14dc8d13d6a9e2cf72a27d553c9798faf5e79b9e09148123dd36360bb2b88344
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetModule2
GetModuleAddr64
Get_pid
openhwnd
read_memory64_bytes
read_memory64_float
read_memory64_int
write_memory64_bytes
write_memory64_float
write_memory64_int

Sections

UPX0
Size: - Virtual size: 596KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 322KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 596KB

UPX1 Size: 322KB - Virtual size: 324KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 580KB - Virtual size: 579KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 72KB - Virtual size: 134KB

.rsrc Size: 24KB - Virtual size: 22KB

.reloc Size: 72KB - Virtual size: 69KB

UPX0
Size: - Virtual size: 596KB

UPX1
Size: 322KB - Virtual size: 324KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 580KB - Virtual size: 579KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 72KB - Virtual size: 134KB

.rsrc
Size: 24KB - Virtual size: 22KB

.reloc
Size: 72KB - Virtual size: 69KB