Overview

overview

10

Static

static

10

1964-56-0x...ry.dll

windows7-x64

3

1964-56-0x...ry.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1964-56-0x000007FEF4D70000-0x000007FEF573A000-memory.dmp

  • Size

    9.8MB

  • MD5

    2297e7609ce45dd879574db6f658dda4

  • SHA1

    7034d4bb83cbe50601dfb246d15d7c8468ec2637

  • SHA256

    9a12bfd6f617457c8995c282adc9347b435a5cb9b3ba100de4b9dfee582cbda7

  • SHA512

    08f4215b6a62c4e84a146c1b1ef9a097b05712ea5a381eca212f6e92f1829d4a3b1306d97642602bc17b07bcafe7dbfc1e4b9430138228c28215b95a64b8ba36

  • SSDEEP

    196608:jc5jf78ygZjpyEH1IVKap9lQ5jbkawGJvrui5VWUDLKUe+yN5B1X9G:jQ0J5eBp9lQRrvbNXZetV1X9

Score
10/10
vmprotectsystembc

Malware Config

Extracted

Family

systembc

C2

5.42.65.67:4298

localhost.exchange:4298

Signatures

  • Systembc family
    systembc
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1964-56-0x000007FEF4D70000-0x000007FEF573A000-memory.dmp
    .dll windows x64


    Headers

    Sections