rundll[.]exe | Triage

Sharing

General

Target

rundll.exe
Size

4.0MB
MD5

8d042aad9f0f5f149fdf1fad7320fad1
SHA1

977ac40982019f42975f36dc603b566ca0f6dc67
SHA256

ad78c9580b03cf3943bb989b3fc8d5cfd37828c2dbef3c9dd7affc36e59092bc
SHA512

fe092f1a37b029cafef3e01306dfc9c793792d0f5411c6983c10e671844c0d26652e4d7bf2356531557b8b24e8acb5bcb7c137aa27d96c6ea53ee5b260b75cea
SSDEEP

98304:+YKLv4HzNbKdsH53MxGeGCB+LseyeClgMIJYRPskUUAYdZ+:+YgvWx+O9MxhsyeCVIJS9U/P

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

rundll.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ