bf7f871a1514b5c96367986819825ad2[.]dll[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf7f871a1514b5c96367986819825ad2.dll.exe
Size

2.9MB
MD5

bf7f871a1514b5c96367986819825ad2
SHA1

d502c9059ec85d76d4913c37ddd274514c0321cf
SHA256

1bd1c6c6223f750413686f6044559db4a06baff876e89a2268c8f329571b0be0
SHA512

651aaadc49fab0cba302bd53756c721ce9a31c2825e633c11bd9e5dba54f9ca12ad8859592103ae00f5c236890d1754edaf1da21818d9db2cf4774874cefce39
SSDEEP

49152:llxuLV9yVhoSZSLBVqXNeFTKWlH4nZTmDw9/YhS0KmiaqyR1RpUJal96BwT7Okpl:jLuSoV+yTXcmw9ghSxaq+zRliwT6MAA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf7f871a1514b5c96367986819825ad2.dll.exe

Files

bf7f871a1514b5c96367986819825ad2.dll.exe
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

rundll

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ