37dd2331ba4cd89cc7c0c69b3b3216c0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

37dd2331ba4cd89cc7c0c69b3b3216c0N.exe
Size

127KB
MD5

37dd2331ba4cd89cc7c0c69b3b3216c0
SHA1

202df372bafdc6b2f6fd2a5a9971325adb1872f0
SHA256

e07a62daa2447302d69a686405dde20daee0c4661bc19a146c31d2c33c6eb15e
SHA512

100f38d9ccd9ba885885865349ba6e919ac30160dc561beed01de095c521dfd8d9781a1c34a4bcfa99f7a4275805fc5c58f89020dad0f71e68557f9c7cb9ca10
SSDEEP

3072:Y61bokiTCfbabqyZHThrpO5cU9Uvja0U+k8AEWw:X5okeCebqwlmcU9H0U+k8vWw

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
37dd2331ba4cd89cc7c0c69b3b3216c0N.exe
unpack001/out.upx

Files

37dd2331ba4cd89cc7c0c69b3b3216c0N.exe
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

BZ2_blockSort
BZ2_bsInitWrite
BZ2_bzBuffToBuffCompress
BZ2_bzBuffToBuffDecompress
BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit
BZ2_bzRead
BZ2_bzReadClose
BZ2_bzReadGetUnused
BZ2_bzReadOpen
BZ2_bzWrite
BZ2_bzWriteClose
BZ2_bzWriteClose64
BZ2_bzWriteOpen
BZ2_bz__AssertH__fail
BZ2_bzclose
BZ2_bzdopen
BZ2_bzerror
BZ2_bzflush
BZ2_bzlibVersion
BZ2_bzopen
BZ2_bzread
BZ2_bzwrite
BZ2_compressBlock
BZ2_crc32Table
BZ2_decompress
BZ2_hbAssignCodes
BZ2_hbCreateDecodeTables
BZ2_hbMakeCodeLengths
BZ2_indexIntoF
BZ2_rNums
_dist_code
_length_code
_tr_align
_tr_flush_bits
_tr_flush_block
_tr_init
_tr_stored_block
_tr_tally
adler32
adler32_combine
adler32_combine64
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
deflate_copyright
get_crc_table
gz_error
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
inflate_copyright
inflate_fast
inflate_table
lzma_alloc
lzma_alloc_zero
lzma_alone_decoder
lzma_alone_decoder_init
lzma_alone_encoder
lzma_auto_decoder
lzma_block_buffer_bound
lzma_block_buffer_bound64
lzma_block_buffer_decode
lzma_block_buffer_encode
lzma_block_compressed_size
lzma_block_decoder
lzma_block_decoder_init
lzma_block_encoder
lzma_block_encoder_init
lzma_block_header_decode
lzma_block_header_encode
lzma_block_header_size
lzma_block_total_size
lzma_block_uncomp_encode
lzma_block_unpadded_size
lzma_bufcpy
lzma_check_finish
lzma_check_init
lzma_check_is_supported
lzma_check_size
lzma_check_update
lzma_code
lzma_cputhreads
lzma_crc32
lzma_crc32_table
lzma_crc64
lzma_crc64_table
lzma_delta_coder_init
lzma_delta_coder_memusage
lzma_delta_decoder_init
lzma_delta_encoder_init
lzma_delta_props_decode
lzma_delta_props_encode
lzma_easy_buffer_encode
lzma_easy_decoder_memusage
lzma_easy_encoder
lzma_easy_encoder_memusage
lzma_easy_preset
lzma_end
lzma_fastpos
lzma_filter_decoder_is_supported
lzma_filter_encoder_is_supported
lzma_filter_flags_decode
lzma_filter_flags_encode
lzma_filter_flags_size
lzma_filters_copy
lzma_filters_update
lzma_footer_magic
lzma_free
lzma_get_check
lzma_get_progress
lzma_header_magic
lzma_index_append
lzma_index_block_count
lzma_index_buffer_decode
lzma_index_buffer_encode
lzma_index_cat
lzma_index_checks
lzma_index_decoder
lzma_index_dup
lzma_index_encoder
lzma_index_encoder_init
lzma_index_end
lzma_index_file_size
lzma_index_hash_append
lzma_index_hash_decode
lzma_index_hash_end
lzma_index_hash_init
lzma_index_hash_size
lzma_index_init
lzma_index_iter_init
lzma_index_iter_locate
lzma_index_iter_next
lzma_index_iter_rewind
lzma_index_memusage
lzma_index_memused
lzma_index_padding_size
lzma_index_prealloc
lzma_index_size
lzma_index_stream_count
lzma_index_stream_flags
lzma_index_stream_padding
lzma_index_stream_size
lzma_index_total_size
lzma_index_uncompressed_size
lzma_lz_decoder_init
lzma_lz_decoder_memusage
lzma_lz_decoder_uncompressed
lzma_lz_encoder_init
lzma_lz_encoder_memusage
lzma_lzma2_block_size
lzma_lzma2_decoder_init
lzma_lzma2_decoder_memusage
lzma_lzma2_encoder_init
lzma_lzma2_encoder_memusage
lzma_lzma2_props_decode
lzma_lzma2_props_encode
lzma_lzma_decoder_create
lzma_lzma_decoder_init
lzma_lzma_decoder_memusage
lzma_lzma_decoder_memusage_nocheck
lzma_lzma_encode
lzma_lzma_encoder_create
lzma_lzma_encoder_init
lzma_lzma_encoder_memusage
lzma_lzma_encoder_reset
lzma_lzma_lclppb_decode
lzma_lzma_lclppb_encode
lzma_lzma_optimum_fast
lzma_lzma_optimum_normal
lzma_lzma_preset
lzma_lzma_props_decode
lzma_lzma_props_encode
lzma_memlimit_get
lzma_memlimit_set
lzma_memusage
lzma_mf_bt2_find
lzma_mf_bt2_skip
lzma_mf_bt3_find
lzma_mf_bt3_skip
lzma_mf_bt4_find
lzma_mf_bt4_skip
lzma_mf_find
lzma_mf_hc3_find
lzma_mf_hc3_skip
lzma_mf_hc4_find
lzma_mf_hc4_skip
lzma_mf_is_supported
lzma_mode_is_supported
lzma_mt_block_size
lzma_next_end
lzma_next_filter_init
lzma_next_filter_update
lzma_outq_end
lzma_outq_get_buf
lzma_outq_init
lzma_outq_is_readable
lzma_outq_memusage
lzma_outq_read
lzma_physmem
lzma_properties_decode
lzma_properties_encode
lzma_properties_size
lzma_raw_buffer_decode
lzma_raw_buffer_encode
lzma_raw_coder_init
lzma_raw_coder_memusage
lzma_raw_decoder
lzma_raw_decoder_init
lzma_raw_decoder_memusage
lzma_raw_encoder
lzma_raw_encoder_init
lzma_raw_encoder_memusage
lzma_rc_prices
lzma_sha256_finish
lzma_sha256_init
lzma_sha256_update
lzma_simple_arm_decoder_init
lzma_simple_arm_encoder_init
lzma_simple_armthumb_decoder_init
lzma_simple_armthumb_encoder_init
lzma_simple_coder_init
lzma_simple_ia64_decoder_init
lzma_simple_ia64_encoder_init
lzma_simple_powerpc_decoder_init
lzma_simple_powerpc_encoder_init
lzma_simple_props_decode
lzma_simple_props_encode
lzma_simple_props_size
lzma_simple_sparc_decoder_init
lzma_simple_sparc_encoder_init
lzma_simple_x86_decoder_init
lzma_simple_x86_encoder_init
lzma_stream_buffer_bound
lzma_stream_buffer_decode
lzma_stream_buffer_encode
lzma_stream_decoder
lzma_stream_decoder_init
lzma_stream_encoder
lzma_stream_encoder_mt
lzma_stream_encoder_mt_memusage
lzma_stream_flags_compare
lzma_stream_footer_decode
lzma_stream_footer_encode
lzma_stream_header_decode
lzma_stream_header_encode
lzma_strm_init
lzma_tuklib_cpucores
lzma_tuklib_physmem
lzma_version_number
lzma_version_string
lzma_vli_decode
lzma_vli_encode
lzma_vli_size
uncompress
uncompress2
zError
z_errmsg
zcalloc
zcfree
zlibCompileFlags
zlibVersion

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 117KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 964B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 156KB

UPX1 Size: 117KB - Virtual size: 120KB

UPX2 Size: 10KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 177KB - Virtual size: 177KB

.data Size: 3KB - Virtual size: 3KB

.rdata Size: 49KB - Virtual size: 49KB

.bss Size: - Virtual size: 964B

.edata Size: 9KB - Virtual size: 9KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 3KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 117KB - Virtual size: 120KB

UPX2
Size: 10KB - Virtual size: 12KB

.text
Size: 177KB - Virtual size: 177KB

.data
Size: 3KB - Virtual size: 3KB

.rdata
Size: 49KB - Virtual size: 49KB

.bss
Size: - Virtual size: 964B

.edata
Size: 9KB - Virtual size: 9KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 3KB - Virtual size: 2KB