f83b007a1fb3c473b1597dd7ad5208db0ecbacd264914e206833fe5c15d76160 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f83b007a1fb3c473b1597dd7ad5208db0ecbacd264914e206833fe5c15d76160
Size

109KB
MD5

4c2558e592e68ff692b69a2f5dd2cce7
SHA1

0b3ee7432f6da61bab6c1c833297d92443816ff5
SHA256

f83b007a1fb3c473b1597dd7ad5208db0ecbacd264914e206833fe5c15d76160
SHA512

b3bb1729c624c83dad04fb55ae64dbe57ab3190ab6775fab1cecef466d5db2f87d1c62e3b1f0bb622810ffe890733e9fd16c0f5cce538714998aa9e43038e2d9
SSDEEP

3072:1ln7xOvjjqTXLndrepi+/iQNzX+0H2HgFik9tzHTe:rKP4U44N+LAAaS

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f83b007a1fb3c473b1597dd7ad5208db0ecbacd264914e206833fe5c15d76160

Files

f83b007a1fb3c473b1597dd7ad5208db0ecbacd264914e206833fe5c15d76160
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllMain
dlCloseProbe
dlGetFileFormat
dlGetFileFormatMEM
dlGetViRobotVersion
dlGetViRobotVersionEX
dlGetVirusName
dlGetVirusReport
dlProbeInto
dlProbeIntoMEM
dlRecoverFile
dlTurnOffViRobot
dlTurnOnViRobot
dlVRCloseEngine
dlVROpenEngine

Sections

UPX0
Size: - Virtual size: 472KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 106KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE