aaff701275548ad21a1a2ffeaa6c4a63899b9ccca21f0ad27879e5034f9bfdd8

Sharing

Copy URL

Twitter E-mail

General

Target

aaff701275548ad21a1a2ffeaa6c4a63899b9ccca21f0ad27879e5034f9bfdd8
Size

392KB
MD5

323ed8526a55eb851160566e87524a3a
SHA1

5d05b71d5c99581f8119e4a869a66c19cd3add70
SHA256

aaff701275548ad21a1a2ffeaa6c4a63899b9ccca21f0ad27879e5034f9bfdd8
SHA512

c8480640ddcc2c064441754361faa40fe491e4d5dd559c6a53c884eb2d30777b19ee563bb1eed214114b75232cb88a1c67ee5acb240b526aeb0f5d59eaa1ec47
SSDEEP

6144:v+xEcnGdI421lJGksAMzVr31/vznGka/5m26/WlmIK5/ixWwDN5zBiGeVQJTptOo:2RQDr31Hznta/5AEmTiEwDrzBiZVAA

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaff701275548ad21a1a2ffeaa6c4a63899b9ccca21f0ad27879e5034f9bfdd8

Files

aaff701275548ad21a1a2ffeaa6c4a63899b9ccca21f0ad27879e5034f9bfdd8
.dll windows:5 windows x86 arch:x86

ef968ddce19fe2b8cca38c3f47c24f26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CloseEventLog
ClearEventLogW
CryptDestroyHash
CryptCreateHash
RegDeleteValueW
CryptReleaseContext
OpenEventLogW
CryptAcquireContextW
CryptGetHashParam
RegSetValueExW
AdjustTokenPrivileges
RegEnumKeyExW
GetCurrentHwProfileW
RegOpenKeyExW
LookupAccountSidW
LookupPrivilegeValueW
RegQueryInfoKeyW
GetTokenInformation
RegCreateKeyW
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegCloseKey
RegOpenKeyW
RegQueryValueExW
CryptHashData
RegCloseKey

dinput8

DirectInput8Create
DirectInput8Create

gdi32

CreateCompatibleDC
SelectObject
DeleteObject
SetDIBColorTable
CreateCompatibleBitmap
StretchBlt
GetDeviceCaps
CreateDIBSection
DeleteDC
GetDIBits
SetStretchBltMode
GetObjectW
DeleteDC

iphlpapi

GetAdaptersInfo
GetAdaptersInfo

kernel32

GetCurrentThreadId
SwitchToThread
SetLastError
GetNativeSystemInfo
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
InterlockedExchange
ResetEvent
CreateEventW
CancelIo
TryEnterCriticalSection
SetWaitableTimer
CreateWaitableTimerW
ExitProcess
GetCommandLineW
GetThreadContext
CreateMutexW
SetThreadContext
GetDriveTypeW
FindResourceExW
FindResourceW
FreeLibrary
LoadResource
CreateProcessW
GetCurrentProcess
GetLogicalDriveStringsW
GetModuleHandleW
GetTickCount
GetProcessHeap
CreateRemoteThread
WriteFile
OpenProcess
GlobalAlloc
GetSystemDirectoryW
LoadLibraryW
GetLocaleInfoW
GetSystemPowerStatus
SizeofResource
GetConsoleWindow
GetVersionExW
GetFileAttributesA
GetExitCodeProcess
CreateProcessA
GetModuleFileNameW
GetSystemDirectoryA
CreateFileW
lstrcmpW
GetStartupInfoW
GetProcAddress
VirtualProtectEx
VirtualAllocEx
GlobalFree
GetLocalTime
CloseHandle
Process32FirstW
GetProcessId
LocalAlloc
LockResource
QueryDosDeviceW
GetSystemInfo
GetModuleFileNameA
Process32NextW
lstrcmpiW
GetModuleHandleA
lstrcatW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
GetCurrentProcessId
LocalFree
WriteProcessMemory
ResumeThread
lstrcpyW
GetEnvironmentVariableW
GetFileSize
SetPriorityClass
GlobalSize
CreateDirectoryW
GlobalLock
GetCurrentThread
CopyFileW
GetFileAttributesW
ReadFile
SetThreadPriority
WritePrivateProfileStringW
GlobalUnlock
GetTempPathW
MoveFileW
TlsFree
WinExec
DeleteFileW
ExpandEnvironmentStringsW
IsBadReadPtr
VirtualProtect
TerminateProcess
QueueUserAPC
IsDebuggerPresent
CheckRemoteDebuggerPresent
CreateThread
SetFilePointer
ReleaseMutex
RaiseException
HeapReAlloc
HeapSize
CreateEventA
Sleep
LoadLibraryA
GetLastError
EncodePointer
DecodePointer
InitializeCriticalSection
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetCommandLineA
GetCPInfo
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetEvent
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
HeapCreate
LeaveCriticalSection
HeapDestroy
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
HeapFree
InterlockedDecrement
HeapAlloc
InterlockedIncrement
VirtualAlloc
VirtualFree
SetHandleCount
GetFileType
GetTimeZoneInformation
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
SetStdHandle
WriteConsoleW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetStdHandle
GlobalMemoryStatusEx
GetShortPathNameW
IsValidCodePage
GetOEMCP
GetACP
LoadLibraryA
GetProcAddress
VirtualProtect

kernelbase

UpdateProcThreadAttribute
InitializeProcThreadAttributeList

oleaut32

SysFreeString
SysAllocString
SysStringLen
SysStringLen

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
GetModuleFileNameExW

shell32

SHChangeNotify
SHGetFolderPathW
ShellExecuteExW
SHChangeNotify

shlwapi

PathIsDirectoryA
PathFindFileNameW
PathRemoveExtensionW
PathIsDirectoryA

user32

PostThreadMessageA
GetMessageW
GetInputState
ShowWindow
PostThreadMessageW
ExitWindowsEx
GetDC
ReleaseDC
OpenClipboard
GetSystemMetrics
EnumWindows
wsprintfW
GetForegroundWindow
GetWindowTextW
GetLastInputInfo
IsWindowVisible
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
GetClipboardData
GetKeyState
GetDesktopWindow
CloseClipboard

wininet

DeleteUrlCacheEntryW
DeleteUrlCacheEntryW

winmm

timeGetTime
waveInGetNumDevs
timeGetTime

ws2_32

WSASetLastError
WSACreateEvent
shutdown
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
WSACloseEvent
inet_addr
inet_ntoa
gethostbyname
closesocket
WSAResetEvent
WSAWaitForMultipleEvents
gethostname
sendto
recvfrom
select
htons
setsockopt
WSACleanup
recv
socket
WSAIoctl
WSAStartup
connect
send
send

dxgi

CreateDXGIFactory
CreateDXGIFactory

gdiplus

GdipFree
GdipGetImageHeight
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipDrawImageI
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipCloneImage
GdipBitmapUnlockBits
GdipSaveImageToStream
GdiplusStartup
GdiplusShutdown
GdipFree

combase

CoCreateInstance
CoUninitialize
CoCreateGuid
CreateStreamOnHGlobal
GetHGlobalFromStream

ole32

CoInitialize
CoInitialize

urlmon

URLDownloadToFileW
URLDownloadToFileW

Exports

Exports

ProcessMain

Sections

UPX0
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef968ddce19fe2b8cca38c3f47c24f26

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

dinput8

gdi32

iphlpapi

kernel32

kernelbase

oleaut32

psapi

shell32

shlwapi

user32

wininet

winmm

ws2_32

dxgi

gdiplus

combase

ole32

urlmon

Exports

Exports

Sections

UPX0 Size: 244KB - Virtual size: 244KB

UPX1 Size: 128KB - Virtual size: 128KB

.rsrc Size: 16KB - Virtual size: 16KB

UPX0
Size: 244KB - Virtual size: 244KB

UPX1
Size: 128KB - Virtual size: 128KB

.rsrc
Size: 16KB - Virtual size: 16KB