General
Target: imgengine.dll
Size: 12.0MB
Sample: 211218-p3gx6afheq
MD5: ef7de8e17a46bbb875ff5b48a5111f75
SHA1: 1758ad8c4574dc8aba71ef4e541dd78579853826
SHA256: 4563e5ab64572adb62bc0e4e6c472b4c6485c9e5af3aa40dc17d84170c442e82
SHA512: 0a7a0316856c766fb0ec8dae0519acb480d3e1c738c4a2ba442cb8cc5e67b920839ade09bc69e54eb406bb4575cae9fd1958512c25a826e134d4d036b744fd80
Static task: static1
Behavioral task: behavioral1
Sample: imgengine.dll
Resource: win7-en-20211208
Malware Config
Targets
Target: imgengine.dll
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger