Overview
overview
9Static
static
3Code Virtu...lp.chm
windows7-x64
1Code Virtu...lp.chm
windows10-2004-x64
1Examples/A...le.exe
windows7-x64
1Examples/A...le.exe
windows10-2004-x64
1Examples/A...32.dll
windows7-x64
1Examples/A...32.dll
windows10-2004-x64
1Examples/A...le.exe
windows7-x64
1Examples/A...le.exe
windows10-2004-x64
1Examples/A...e2.exe
windows7-x64
1Examples/A...e2.exe
windows10-2004-x64
1Examples/C...ct2.js
windows7-x64
1Examples/C...ct2.js
windows10-2004-x64
1Examples/C...e.html
windows7-x64
1Examples/C...e.html
windows10-2004-x64
1Examples/C...e.html
windows7-x64
1Examples/C...e.html
windows10-2004-x64
1Include/C/...on.pdf
windows7-x64
1Include/C/...on.pdf
windows10-2004-x64
1Lib/Device...DK.sys
windows7-x64
1Lib/Device...DK.sys
windows10-2004-x64
1Lib/Device...DK.sys
windows7-x64
1Lib/Device...DK.sys
windows10-2004-x64
1Lib/Virtua...32.dll
windows7-x64
1Lib/Virtua...32.dll
windows10-2004-x64
1Lib/Virtua...64.dll
windows7-x64
1Lib/Virtua...64.dll
windows10-2004-x64
1StealthMod...on.pdf
windows7-x64
StealthMod...on.pdf
windows10-2004-x64
1Virtualizer.exe
windows7-x64
9Virtualizer.exe
windows10-2004-x64
9Analysis
-
max time kernel
122s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
30/12/2023, 03:16
Static task
static1
Behavioral task
behavioral1
Sample
Code Virtualizer Help.chm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
Code Virtualizer Help.chm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Examples/Assembly/MASM/Via API/Example.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
Examples/Assembly/MASM/Via API/Example.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Examples/Assembly/MASM/Via API/VirtualizerSDK32.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
Examples/Assembly/MASM/Via API/VirtualizerSDK32.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Examples/Assembly/MASM/Via Macro/Example.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
Examples/Assembly/MASM/Via Macro/Example.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Examples/Assembly/MASM/Via Macro/Example2.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
Examples/Assembly/MASM/Via Macro/Example2.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Examples/C/CBuilder/Project2.js
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
Examples/C/CBuilder/Project2.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Examples/C/VC (via ASM module)/vc_example.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
Examples/C/VC (via ASM module)/vc_example.html
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Examples/C/VC/vc_example.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral16
Sample
Examples/C/VC/vc_example.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Include/C/Via ASM module/How to add ASM files in your Solution.pdf
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
Include/C/Via ASM module/How to add ASM files in your Solution.pdf
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Lib/Device Drivers/32-bit/VirtualizerDDK.sys
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
Lib/Device Drivers/32-bit/VirtualizerDDK.sys
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Lib/Device Drivers/64-bit/VirtualizerDDK.sys
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
Lib/Device Drivers/64-bit/VirtualizerDDK.sys
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Lib/VirtualizerSDK32.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
Lib/VirtualizerSDK32.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Lib/VirtualizerSDK64.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
Lib/VirtualizerSDK64.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
StealthMode/Device Drivers/How to add ASM files in your Solution.pdf
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
StealthMode/Device Drivers/How to add ASM files in your Solution.pdf
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Virtualizer.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral30
Sample
Virtualizer.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
Examples/Assembly/MASM/Via API/VirtualizerSDK32.dll
-
Size
2KB
-
MD5
d2b4513f229a825f4af2a0d7a3d029d5
-
SHA1
da7ea5ce8f3fd38aeb6b66a4821a207179ff74a8
-
SHA256
bc85f13d1137fabf3bddea1a0e4558c2021156b437b7d955d79d55e317204cd6
-
SHA512
d9c3201ee7e9456985f4927dcc9481b10f6374f0a6792988a847df11ee9fe362bff3fee4732e2a00950925d76f9c6d7b365938f8cc4388bec147ee08f1fac496
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2496 wrote to memory of 2256 2496 rundll32.exe 28 PID 2496 wrote to memory of 2256 2496 rundll32.exe 28 PID 2496 wrote to memory of 2256 2496 rundll32.exe 28 PID 2496 wrote to memory of 2256 2496 rundll32.exe 28 PID 2496 wrote to memory of 2256 2496 rundll32.exe 28 PID 2496 wrote to memory of 2256 2496 rundll32.exe 28 PID 2496 wrote to memory of 2256 2496 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Examples\Assembly\MASM\Via API\VirtualizerSDK32.dll",#11⤵
- Suspicious use of WriteProcessMemory
PID:2496 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Examples\Assembly\MASM\Via API\VirtualizerSDK32.dll",#12⤵PID:2256
-