4f14988909d40f4de95e09a240865f161caeacdc5953996011fcf67ea7b6e8a8

Sharing

Copy URL Twitter E-mail

General

Target

4f14988909d40f4de95e09a240865f161caeacdc5953996011fcf67ea7b6e8a8
Size

9KB
MD5

45f20c1785a080b5e9569777c352b2da
SHA1

acf0aa315a92c8203126959655457ef12342e71c
SHA256

4f14988909d40f4de95e09a240865f161caeacdc5953996011fcf67ea7b6e8a8
SHA512

e1c1b7f1ed2c02d2463839b15fbb97f9989ad868eb14e5096a7d8714dde4bcb42bcf49d778d6eb33a39eed5619c2d162ea95ca68b7e40997aedb0677bacf78ca
SSDEEP

96:iqOU3DYYAaMb3QiruBQYdtC4g1ZyaLiq6pPWs9zHbRgPgSdD1EnkNmkFfGWb6NDu:oUzY8nirxYqLLrCzKDGnkNtheDWpHn

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

4f14988909d40f4de95e09a240865f161caeacdc5953996011fcf67ea7b6e8a8
.dll windows:5 windows x86 arch:x86

Code Sign

0f:f0:67:d8:01:f7:da:ee:ae:84:2e:9f:e5:f6:10:ea
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/07/2015, 00:00

Not After

01/08/2018, 12:00

Subject

CN=ASUSTeK Computer Inc.,O=ASUSTeK Computer Inc.,L=Taipei City,ST=Taipei,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:de:3a:d0:31:25:14:8c:04:7f:79:e7:88:b4:c5:1a:6c:42:2d:7f
Signer

Actual PE Digest

40:de:3a:d0:31:25:14:8c:04:7f:79:e7:88:b4:c5:1a:6c:42:2d:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ASEX_Model_String
ASEX_block_count
ASEX_boot_block_version
ASEX_caller_id
ASEX_check_bios_image
ASEX_customer
ASEX_date
ASEX_flash_size
ASEX_get_bios_image
ASEX_hardware_compatible_version
ASEX_logo
ASEX_major_version
ASEX_mb
ASEX_message
ASEX_minor_version
ASEX_product
ASEX_systemflag
ASEX_update_bios_firmware

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0f:f0:67:d8:01:f7:da:ee:ae:84:2e:9f:e5:f6:10:eaCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

40:de:3a:d0:31:25:14:8c:04:7f:79:e7:88:b4:c5:1a:6c:42:2d:7fSigner

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 24KB

UPX1 Size: 4KB - Virtual size: 4KB

UPX2 Size: 1024B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 780B

.reloc Size: 1024B - Virtual size: 516B

0f:f0:67:d8:01:f7:da:ee:ae:84:2e:9f:e5:f6:10:ea
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

40:de:3a:d0:31:25:14:8c:04:7f:79:e7:88:b4:c5:1a:6c:42:2d:7f
Signer

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 4KB - Virtual size: 4KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 780B

.reloc
Size: 1024B - Virtual size: 516B