Behavioral task: behavioral1
Sample: 2beeb1e24561fd6ed03890da0afa68e0120776b815f5c60350e06e1d54562f9e.dll
Resource: win7-20230712-en
General
Target: 2beeb1e24561fd6ed03890da0afa68e0120776b815f5c60350e06e1d54562f9e
Size: 6.0MB
MD5: 0c35071344e18b340cccf9a625a9cdb5
SHA1: 08ec02759debfdacab772f76451153eaeaa9ddc7
SHA256: 2beeb1e24561fd6ed03890da0afa68e0120776b815f5c60350e06e1d54562f9e
SHA512: a79862aedfc6432d3888280886935ce4efe6c358ea717ebd516e657aa35a78df9f3de9675d8cc3d5669e76d2382de0d984befa6b765683a28e6dbc68d40043ce
SSDEEP: 98304:7nUY8k4GVWPxRi1ENvbSMOHcgMaWMJSSqyjbngSnVhSeL62f5x3vHDgW:JR4PxKADLO8gMapJTqJSn3WS5x3vH8W
Malware Config
Signatures
yara_rule: vmprotect (resource: sample)
Files
2beeb1e24561fd6ed03890da0afa68e0120776b815f5c60350e06e1d54562f9e.dll windows x64 531372f8fed94a7a0e3b8ef647c7fcb7
Code Sign

Certificate 24:c8:47:7e:dd:13:46:a1:4a:8e:39:13:06:76:18:3f
Issuer: CN=Nokia 110 4G DS (2021) Turquoise
Subject: CN=Nokia 110 4G DS (2021) Turquoise
Not Before: 22-06-2023 13:04
Not After: 23-06-2033 13:04
Note: issuer and subject are identical, so the signing certificate is self-issued and chains to no trusted root; the digest match below confirms only that the embedded signature covers this file, not that the signer is trustworthy.

Certificate 39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Issuer: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Subject: CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB
Not Before: 03-05-2023 00:00
Not After: 02-08-2034 23:59
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageDigitalSignature, KeyUsageContentCommitment

Certificate 30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Subject: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 02-05-2019 00:00
Not After: 18-01-2038 23:59
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign

Signer 21:7e:ab:40:36:01:6c:a8:95:0a:2d:ed:79:f2:73:9f:19:22:bd:83:9c:91:df:65:13:96:b0:be:ed:2f:af:c5
Actual PE Digest: 21:7e:ab:40:36:01:6c:a8:95:0a:2d:ed:79:f2:73:9f:19:22:bd:83:9c:91:df:65:13:96:b0:be:ed:2f:af:c5
Digest Algorithm: sha256
PE Digest Matches: true

Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
wsprintfA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW
ws2_32
getaddrinfo
advapi32
GetTokenInformation
kernel32
WriteFile
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
secur32
GetUserNameExA
ole32
CoUninitialize
wtsapi32
WTSSendMessageW
Exports
rundll
Sections
Name    Raw size  Virtual size  Characteristics
.text   -         11KB          IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  -         2KB           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   -         595B          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata  -         432B          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.vmp0   -         4.2MB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.vmp1   6.0MB     6.0MB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.reloc  512B      180B          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
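The section table above is the layout VMProtect leaves behind: .text, .rdata, .data, .pdata and .vmp0 report no raw size while .vmp1 carries the whole 6.0MB on disk, so the code at those virtual addresses only exists after the protector's stub has run, and the short import table (LoadLibraryA and GetProcAddress next to a handful of desktop, token and winsock calls) describes the stub, not the payload. The Python below is an added example, not part of the sandbox report and not the sandbox's own logic; it turns those observations into reusable section-table heuristics. The section data is a constructed list transcribed from the report, the flag values are the winnt.h constants, and the protector name prefixes are an assumption drawn from common packers rather than anything the report states.

```python
"""Structural triage of a PE section table as printed by a sandbox report.

Added example: parses no binary, only the section rows transcribed above.
"""
import re
from dataclasses import dataclass

# Section characteristic flags, values as defined in winnt.h.
FLAGS = {
    "IMAGE_SCN_CNT_CODE": 0x00000020,
    "IMAGE_SCN_CNT_INITIALIZED_DATA": 0x00000040,
    "IMAGE_SCN_MEM_DISCARDABLE": 0x02000000,
    "IMAGE_SCN_MEM_EXECUTE": 0x20000000,
    "IMAGE_SCN_MEM_READ": 0x40000000,
    "IMAGE_SCN_MEM_WRITE": 0x80000000,
}
EXECUTE = FLAGS["IMAGE_SCN_MEM_EXECUTE"]
WRITE = FLAGS["IMAGE_SCN_MEM_WRITE"]

# Assumed section-name prefixes left behind by common packers/protectors.
PROTECTOR_PREFIXES = {
    ".vmp": "VMProtect",
    "UPX": "UPX",
    ".themida": "Themida",
    ".aspack": "ASPack",
    ".enigma": "Enigma",
}

_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def parse_size(text: str) -> int:
    """Convert a report size such as '6.0MB', '595B' or '-' to bytes.

    The report prints '-' for a section with no raw data on disk.
    """
    text = text.strip()
    if text in ("", "-"):
        return 0
    m = re.fullmatch(r"([0-9]+(?:\.[0-9]+)?)\s*([KMG]?B)", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * _UNITS[m.group(2).upper()])


@dataclass
class Section:
    name: str
    raw_size: int        # SizeOfRawData: bytes present in the file
    virtual_size: int    # VirtualSize: bytes mapped at runtime
    characteristics: int

    @classmethod
    def from_report(cls, name, raw, virtual, flag_names):
        chars = 0
        for flag in flag_names:
            chars |= FLAGS[flag]
        return cls(name, parse_size(raw), parse_size(virtual), chars)

    def has(self, flag: int) -> bool:
        return bool(self.characteristics & flag)


def triage_sections(sections, file_size):
    """Return (section, kind, detail) findings from structural heuristics only.

    kinds: protector_name - name matches a known packer/protector prefix
           runtime_code   - executable section with no bytes on disk
           wx             - writable and executable at the same time
           bulk           - one section holds at least 80% of the file
    """
    findings = []
    for s in sections:
        for prefix, product in PROTECTOR_PREFIXES.items():
            if s.name.startswith(prefix):
                findings.append((s.name, "protector_name", product))
        if s.has(EXECUTE) and s.raw_size == 0 and s.virtual_size > 0:
            findings.append((s.name, "runtime_code",
                             f"{s.virtual_size} bytes materialised in memory"))
        if s.has(EXECUTE) and s.has(WRITE):
            findings.append((s.name, "wx", "self-modifying code possible"))
        if file_size and s.raw_size >= 0.8 * file_size:
            findings.append((s.name, "bulk", f"{s.raw_size * 100 // file_size}% of file"))
    return findings


def detected_protectors(findings):
    """Distinct protector products named in the findings, sorted."""
    return sorted({detail for _, kind, detail in findings if kind == "protector_name"})


# Constructed input: the Sections block of this report, transcribed.
REPORT_FILE_SIZE = parse_size("6.0MB")
REPORT_SECTIONS = [
    Section.from_report(".text", "-", "11KB",
                        ["IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ"]),
    Section.from_report(".rdata", "-", "2KB",
                        ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"]),
    Section.from_report(".data", "-", "595B",
                        ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"]),
    Section.from_report(".pdata", "-", "432B",
                        ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"]),
    Section.from_report(".vmp0", "-", "4.2MB",
                        ["IMAGE_SCN_CNT_CODE", "IMAGE_SCN_CNT_INITIALIZED_DATA",
                         "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ"]),
    Section.from_report(".vmp1", "6.0MB", "6.0MB",
                        ["IMAGE_SCN_CNT_CODE", "IMAGE_SCN_CNT_INITIALIZED_DATA",
                         "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ"]),
    Section.from_report(".reloc", "512B", "180B",
                        ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_DISCARDABLE",
                         "IMAGE_SCN_MEM_READ"]),
]

if __name__ == "__main__":
    found = triage_sections(REPORT_SECTIONS, REPORT_FILE_SIZE)
    for name, kind, detail in found:
        print(f"{name:8} {kind:15} {detail}")
    print("protectors:", detected_protectors(found))
```

On this sample the heuristics flag .vmp0 and .vmp1 by name, .text and .vmp0 as executable sections with nothing on disk, and .vmp1 as holding effectively the entire file; no section is writable and executable, which is consistent with NX_COMPAT in the DLL characteristics. The same function runs unchanged on rows pulled from any report that prints sizes in this style, and the `wx` and `bulk` checks catch packers that do not leave a recognisable section name.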