7232ff23c5d53aa4d94b81775a4eede5[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

7232ff23c5d53aa4d94b81775a4eede5.dll
Size

815KB
MD5

7232ff23c5d53aa4d94b81775a4eede5
SHA1

04f181c79a9896ea6d9442264912a1e865275af4
SHA256

5bd0cdcbb3ac6ef67a3dd145d86a00ee8e1996b4609f415becfaf3d2838b00dd
SHA512

629a35849357246a63b6713ce5c210c322bb1955840be9a6ddaa7689d9df2f5e95181a15bd612420894f6d73ac8d0d66e39bcfbb29f58f11201ad7023a8fecac
SSDEEP

12288:Kv5QwIAWmIXZANEb1vQMBQKrXc+5onbAJFZH6OtKHCST/pObUUNEIOCMUyF0tOB:KBiAXudQ8jjc+599t60rEIOn1FaOB

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

7232ff23c5d53aa4d94b81775a4eede5.dll
.dll windows x86

ff35e28aa21c538788adc346088390a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

kernel32

GetModuleHandleExA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoCreateGuid

ws2_32

ntohs

setupapi

SetupDiGetClassDevsA

shlwapi

PathRemoveFileSpecA

psapi

GetModuleFileNameExA

gdi32

GetPath

Exports

Exports

AisinoBusiness
BwDecryptData
GetCorpInfo
GetDevType
GetNo
GetPath
GetResult
GetType
Initialize
Initialize_
UnInitialize_
UpdateCtx

Sections

.text
Size: - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 682KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 813KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff35e28aa21c538788adc346088390a6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

ws2_32

setupapi

shlwapi

psapi

gdi32

Exports

Exports

Sections

.text Size: - Virtual size: 194KB

.rdata Size: - Virtual size: 34KB

.data Size: - Virtual size: 15KB

.vmp0 Size: - Virtual size: 682KB

.vmp1 Size: 813KB - Virtual size: 812KB

.reloc Size: 512B - Virtual size: 288B

.rsrc Size: 512B - Virtual size: 174B

.text
Size: - Virtual size: 194KB

.rdata
Size: - Virtual size: 34KB

.data
Size: - Virtual size: 15KB

.vmp0
Size: - Virtual size: 682KB

.vmp1
Size: 813KB - Virtual size: 812KB

.reloc
Size: 512B - Virtual size: 288B

.rsrc
Size: 512B - Virtual size: 174B