19a7dpcj[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

19a7dpcj.dll
Size

1.6MB
MD5

dabe78f82700ccf74e0d2bfefb49dd1c
SHA1

451f0a40b34f4ce9da0399c9451c51d39dc8fbd7
SHA256

b2ee4d6751df01200f3be9abf29e975158ae8a86df916427839068b6cd5a508b
SHA512

9078d9b9b56792a52c583b5aab61d96f2b130a9795fb380bc8bb7b59bfd099183f755be1de9314f8f7f017a6fbb4233bb9e6f339114b1517573d913fc958c75a
SSDEEP

24576:syyjuwqm1Cvpi5V6/FjV+SBbpmqyhaFvXqTcf6cHHEqfBGCQ9MFnDiA1GgI6hA3o:2r5gjzxyaX2cf6uHE2BGAnfvszH

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19a7dpcj.dll

Files

19a7dpcj.dll
.dll windows:5 windows x86 arch:x86

88c22e015e8fedb579b5e21bba3ecd82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
FindResourceW
FindResourceExW
LocalAlloc
LocalFree
DeviceIoControl
CreateHardLinkW
DeleteFileW
QueryPerformanceCounter
CreateDirectoryW
LoadLibraryW
GetProcessId
VirtualAllocEx
WriteProcessMemory
ProcessIdToSessionId
TerminateProcess
LoadLibraryA
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
InitializeCriticalSection
TerminateThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventW
OutputDebugStringW
GetFileSize
InterlockedDecrement
GlobalAlloc
GlobalFree
VirtualQuery
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
ExitThread
SetThreadContext
GetThreadContext
GetModuleFileNameW
SetUnhandledExceptionFilter
MultiByteToWideChar
SubmitThreadpoolWork
CreateThreadpoolWork
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
WriteFile
GetTickCount
GetCurrentThreadId
SetFilePointerEx
CreateFileW
OpenMutexW
GetLastError
GetCurrentProcess
LockResource
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleHandleW
GetProcAddress
OpenProcess
CloseHandle
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
VirtualAlloc
VirtualFree
GetModuleHandleA
GetSystemInfo
SetFilePointer
InterlockedExchange
InterlockedCompareExchange
InterlockedIncrement
IsValidLocale
EnumSystemLocalesA
SizeofResource
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
GetStringTypeW
LCMapStringW
LCMapStringA
WideCharToMultiByte
WaitForSingleObject
CreateThread
Sleep
ExitProcess
GetCPInfo
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
CreateFileA
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
CreateRemoteThread
ResumeThread
SuspendThread
ReadFile
CreateMutexW
GetFileSizeEx
WaitForMultipleObjects
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

FindWindowW
GetThreadDesktop
GetAsyncKeyState
OpenDesktopW
SetThreadDesktop
FindWindowExW
GetWindowThreadProcessId
wsprintfW

advapi32

FreeSid
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
GetTokenInformation
CheckTokenMembership
AllocateAndInitializeSid
CloseServiceHandle
StartServiceW
CreateServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerW
SetServiceStatus
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

oleaut32

VariantClear

shlwapi

StrCmpIW
PathFileExistsW

psapi

GetModuleFileNameExW

fwpuclnt

FwpmEngineOpen0
FwpmEngineClose0
FwpmFreeMemory0
FwpmFilterDeleteById0
FwpmFilterDestroyEnumHandle0
FwpmFilterCreateEnumHandle0
FwpmFilterEnum0

ws2_32

WSAJoinLeaf
htonl
ntohl
inet_ntoa
closesocket
ntohs
recvfrom
sendto
inet_addr
htons
setsockopt
socket
WSAStartup
gethostname
gethostbyname
WSAConnect
bind
send
recv
WSASocketW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject

wininet

InternetQueryOptionW
InternetSetOptionA
InternetSetOptionW
InternetConnectW
InternetOpenW
HttpSendRequestW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
HttpQueryInfoW
HttpOpenRequestW

dnsapi

DnsFree
DnsQuery_W

iphlpapi

GetIpNetTable
SendARP
GetAdaptersInfo

Exports

Exports

DllEntry
Init
ServiceMain

Sections

.text
Size: - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88c22e015e8fedb579b5e21bba3ecd82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

shlwapi

psapi

fwpuclnt

ws2_32

version

crypt32

wininet

dnsapi

iphlpapi

Exports

Exports

Sections

.text Size: - Virtual size: 219KB

.rdata Size: - Virtual size: 60KB

.data Size: - Virtual size: 1.3MB

.vmp0 Size: - Virtual size: 121KB

.vmp1 Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 512B - Virtual size: 212B

.rsrc Size: 512B - Virtual size: 434B

.text
Size: - Virtual size: 219KB

.rdata
Size: - Virtual size: 60KB

.data
Size: - Virtual size: 1.3MB

.vmp0
Size: - Virtual size: 121KB

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 512B - Virtual size: 212B

.rsrc
Size: 512B - Virtual size: 434B