_AttachPlugin@4
Behavioral task behavioral1
Sample: 58e83661d0d0ba2cd6c713a0da6f76a939ffde3e88971f3ea334eac24a1749bb.dll
Resource: win7-20240220-en
Behavioral task behavioral2
Sample: 58e83661d0d0ba2cd6c713a0da6f76a939ffde3e88971f3ea334eac24a1749bb.dll
Resource: win10v2004-20240426-en
General
Target: 58e83661d0d0ba2cd6c713a0da6f76a939ffde3e88971f3ea334eac24a1749bb
Size: 5.7MB
MD5: 45ac0508ce8180aed3c896cdaac625cf
SHA1: f71b93edb7372b8933e58e24cd6594728cf72334
SHA256: 58e83661d0d0ba2cd6c713a0da6f76a939ffde3e88971f3ea334eac24a1749bb
SHA512: 03055d8592fd7627fd078801cc5761a7ff3b0cb9b7a8c5c39da7e68aef56e36aab52265af9aee69b92b3ef021a4d2758fe3c1b375c8b98abc89ac743b43825d4
SSDEEP: 98304:Vz69TM5zHRQewG8m1XI3mXZOyG3AUUEJ8CCdtQou9mHWde:Vm4au8L34byAiJ6d6ouA2
Malware Config
Signatures
yara_rule: vmprotect (resource: sample)
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 58e83661d0d0ba2cd6c713a0da6f76a939ffde3e88971f3ea334eac24a1749bb
Files
58e83661d0d0ba2cd6c713a0da6f76a939ffde3e88971f3ea334eac24a1749bb.dll windows:6 windows x86 arch:x86
3f3944c7bf6085051267ecc1ebda831f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
gdiplus
GdipCloneBrush
kernel32
GetVersionExW
LoadLibraryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
user32
GetSystemMetrics
CharUpperBuffW
gdi32
SetViewportOrgEx
advapi32
RegOpenKeyExW
RegCloseKey
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
shell32
SHBrowseForFolderW
ole32
CoFreeUnusedLibraries
oleaut32
SafeArrayGetUBound
msimg32
AlphaBlend
comctl32
ImageList_GetIcon
shlwapi
PathFileExistsW
uxtheme
OpenThemeData
oledlg
OleUIBusyW
version
VerQueryValueW
winmm
PlaySoundW
oleacc
LresultFromObject
imm32
ImmReleaseContext
winspool.drv
DocumentPropertiesW
wtsapi32
WTSSendMessageW
Exports
Sections
.text Size: - Virtual size: 4.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5.3MB - Virtual size: 5.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 448KB - Virtual size: 447KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ