5065f7f6905e6f1f896d6c07f6a48346[.]dll[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5065f7f6905e6f1f896d6c07f6a48346.dll.exe
Size

4.8MB
MD5

5065f7f6905e6f1f896d6c07f6a48346
SHA1

aa8ef717d3a2d9d6ccc0a98e132568f87a374097
SHA256

dc8f09306aad5a7072051cefce4743d39d7517230d7de19f53027e08a13a4915
SHA512

84fb7f5e0cf1c4213dbc29e44b8a753c6dbd2172368d2185c74c6f2fe95bb55f1434b6bcab6e573f707780135665a6b6101a091ebc5ff68abd75ceaa778bda57
SSDEEP

98304:Nv79P4zrmQotbO6h2Pk1t+w6KMp1oXQclquyaSuxXe7FREY56omRA5nIwWAFD:NZwmQb62Pk1t+w69MCaSuxu70XSUAFD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5065f7f6905e6f1f896d6c07f6a48346.dll.exe

Files

5065f7f6905e6f1f896d6c07f6a48346.dll.exe
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ