7dfa73b35c518c26d6a3cba154784844d1d5656e02e247ed449d06274a695ab1

Analysis

max time kernel
126s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2023, 10:46

Target

按键连发助手(4款)/其余几款/无限火力连招/华丽LOL无限火力助手.exe
Size

1.7MB
MD5

0470e3709467525cad4a613566072bfe
SHA1

4a1e1986cfa2f7dbf943b6ed1608b20140b9ce22
SHA256

15532a7bc2034f2acff0297ae2715d0e32b3c3ddd32a4a327a6e2a8938447f33
SHA512

5c7b23801a16b0b896fa91c4329fff1a5cd1de925ff693741f638f5f8c3b43cebc4efbb6e6e8ba1ad6bdd4cc96a2535b3504306425eba2d1a42cf819520dfce2
SSDEEP

24576:AqBAgG/1vJyQlmcXOzKht9zkpDSi6LMcrxf9LOd3O9EAkftAjmcW27dEXiKU7Yro:A6AgyBlmpGWANS3YhWgKU7GWegspNa

Score

7^/10

vmprotect

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral4/memory/3976-0-0x0000000000400000-0x00000000005CC000-memory.dmp	vmprotect
behavioral4/memory/3976-1-0x0000000000400000-0x00000000005CC000-memory.dmp	vmprotect
behavioral4/memory/3976-4-0x0000000000400000-0x00000000005CC000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3976	华丽LOL无限火力助手.exe
3976	华丽LOL无限火力助手.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3976	华丽LOL无限火力助手.exe
3976	华丽LOL无限火力助手.exe

memory/3976-0-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/3976-1-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/3976-2-0x0000000076490000-0x0000000076491000-memory.dmp

Filesize
4KB

Download
memory/3976-3-0x0000000077060000-0x0000000077061000-memory.dmp

Filesize
4KB

Download
memory/3976-4-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download