deceit_[unknowncheats[.]me]_[.]vmp_[unknowncheats[.]me]_[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

deceit_[unknowncheats.me]_.vmp_[unknowncheats.me]_.dll
Size

4.5MB
MD5

9f24ebe268d2752eeb0e6bf8e5ebae4d
SHA1

c881524b0d954da9d37f04cbcc40210a490414c6
SHA256

4a9f1e4793e02744b2f59d4492655eb6b2c958fe0f4afe738da43bbdf386bbaa
SHA512

a1fe835af281d40ac8a7c9d68974cb1547e20f845926113895bfce5a7b39729af886ff85e0f6173861966e499e0d5d41db81767507c27e3c88a2fa3f860fccb1
SSDEEP

98304:4/49hiKo5VxasieEP4jFr9yJ2xXPx+fyqPaW754:4/aiLRjEAjFr9Bx/x+ayd4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
deceit_[unknowncheats.me]_.vmp_[unknowncheats.me]_.dll

Files

deceit_[unknowncheats.me]_.vmp_[unknowncheats.me]_.dll
.dll windows:6 windows x64 arch:x64

33aa9cbd9596a6dc4fa85d550bb2018a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExW
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetAsyncKeyState
CharUpperBuffW

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmReleaseContext

d3dcompiler_47

D3DCompile

xinput1_4

ord2

wtsapi32

WTSSendMessageW

advapi32

RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

Sections

.text
Size: - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33aa9cbd9596a6dc4fa85d550bb2018a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

d3d11

imm32

d3dcompiler_47

xinput1_4

wtsapi32

advapi32

Sections

.text Size: - Virtual size: 735KB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: - Virtual size: 195KB

.pdata Size: - Virtual size: 46KB

_RDATA Size: - Virtual size: 148B

.vmp0 Size: - Virtual size: 2.6MB

.vmp1 Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 233B

.text
Size: - Virtual size: 735KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: - Virtual size: 195KB

.pdata
Size: - Virtual size: 46KB

_RDATA
Size: - Virtual size: 148B

.vmp0
Size: - Virtual size: 2.6MB

.vmp1
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 233B