SecuriteInfo[.]com[.]Trojan[.]TR[.]Black[.]Gen2[.]2258[.]28712[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.TR.Black.Gen2.2258.28712.dll
Size

1.4MB
MD5

9d9d376ea78a25e6e67f2fea0275f271
SHA1

96571dcd80bd3786e0faf72590e82eb4cf3a2a6c
SHA256

b2ff7ceeb95855266f83e24c4f733d4c01f8ed9a83448d9aa7a5b0bed1ceabbe
SHA512

1b84a976af652c9ed9af5e48d2ad7bce9c60a45360fabefd7a61e147376f95faeccc2ae3f7c7bbf575d544d0d0aeba61fa8b2ab6b999da8174d699511dfbe55a
SSDEEP

24576:yWHEdVpbdGgFcrb8+E4yLuSs9+3GX6Uv:zkdXdnas1yPsW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.TR.Black.Gen2.2258.28712.dll

Files

SecuriteInfo.com.Trojan.TR.Black.Gen2.2258.28712.dll
.dll regsvr32 windows:5 windows x86

b20290ab5d677de83b73ef09d0f37b6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSARecv

iphlpapi

GetAdaptersInfo

xlluaruntime

lua_tolstring

kernel32

SetLastError
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

KillTimer
MessageBoxA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance

oleaut32

RegisterTypeLi

atl90

ord61

msvcp90

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

msvcr90

fread

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
XLUserS_CreateXunleiUserInstance

Sections

.text
Size: - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 631KB - Virtual size: 630KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b20290ab5d677de83b73ef09d0f37b6e

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

iphlpapi

xlluaruntime

kernel32

user32

shell32

ole32

oleaut32

atl90

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: - Virtual size: 199KB

.rdata Size: - Virtual size: 52KB

.data Size: - Virtual size: 9KB

.rsrc Size: 16KB - Virtual size: 16KB

.vmp0 Size: - Virtual size: 22KB

.vmp1 Size: - Virtual size: 516KB

.vmp2 Size: 631KB - Virtual size: 630KB

.reloc Size: 512B - Virtual size: 240B

.text
Size: - Virtual size: 199KB

.rdata
Size: - Virtual size: 52KB

.data
Size: - Virtual size: 9KB

.rsrc
Size: 16KB - Virtual size: 16KB

.vmp0
Size: - Virtual size: 22KB

.vmp1
Size: - Virtual size: 516KB

.vmp2
Size: 631KB - Virtual size: 630KB

.reloc
Size: 512B - Virtual size: 240B