836e9d8202b0dac5078fae211d9b8f59fd01e01d36075ddb33598b02e4bc0536[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

836e9d8202b0dac5078fae211d9b8f59fd01e01d36075ddb33598b02e4bc0536.dll
Size

2.1MB
MD5

cfc0b02e72c5c8e8f2c10accfb720eab
SHA1

1cfa768242d4d502e7cc81a39be649b60149ac4c
SHA256

836e9d8202b0dac5078fae211d9b8f59fd01e01d36075ddb33598b02e4bc0536
SHA512

43050118333599b96550b4cbcb0851baf352f6bb7abb4f5a09d9145e6a33c0f75dac8c33bc51c2aa89b25a54ecda1854b2cd74be86e63c4037baccfc105738f2
SSDEEP

24576:4HBaG8usSwizF92oQt85an9SLHAnYhJGxKzEr2S92p31W09f:E8ushwibt85aGH5G8S81W

Score

10^/10

vmprotect

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
836e9d8202b0dac5078fae211d9b8f59fd01e01d36075ddb33598b02e4bc0536.dll

Files

836e9d8202b0dac5078fae211d9b8f59fd01e01d36075ddb33598b02e4bc0536.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0e5cab6151235c9b90eec6aca8a7c6ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qqmusiccommon

?GetFileNameFormPath@qqmusic@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V23@@Z

ws2_32

ntohl

wininet

InternetCanonicalizeUrlW

version

GetFileVersionInfoSizeW

kernel32

InterlockedIncrement
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetWindowLongW
MessageBoxA

advapi32

RegCloseKey

ole32

StgOpenStorage

oleaut32

SysAllocString

atl80

ord32

shlwapi

PathFileExistsW

msvcp80

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

iphlpapi

GetIpForwardTable

msvcr80

_invalid_parameter_noinfo

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: - Virtual size: 816KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 986KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e5cab6151235c9b90eec6aca8a7c6ed

Headers

DLL Characteristics

File Characteristics

Imports

qqmusiccommon

ws2_32

wininet

version

kernel32

user32

advapi32

ole32

oleaut32

atl80

shlwapi

msvcp80

iphlpapi

msvcr80

netapi32

Exports

Exports

Sections

.text Size: - Virtual size: 816KB

.rdata Size: - Virtual size: 252KB

.data Size: - Virtual size: 38KB

.rsrc Size: 64KB - Virtual size: 63KB

.vmp0 Size: - Virtual size: 85KB

.vmp1 Size: - Virtual size: 986KB

.vmp2 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 164B

.text
Size: - Virtual size: 816KB

.rdata
Size: - Virtual size: 252KB

.data
Size: - Virtual size: 38KB

.rsrc
Size: 64KB - Virtual size: 63KB

.vmp0
Size: - Virtual size: 85KB

.vmp1
Size: - Virtual size: 986KB

.vmp2
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 164B