Violence YCT[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Violence YCT.dll
Size

5.1MB
MD5

8b1e0498ed857f3392941722c3df3c6f
SHA1

d1fd52788ac8bfb82fb80e5bbcda53e33c0fc588
SHA256

9778a04e08c95ed1be44672ab1663805c7f71e53e913a93ff8d4af98a6a6eb50
SHA512

d4c4af17e4ad13ebe77b50663e7996601da1d8dc5de62d66c6a622f380255d06561c8f097d0f92e59c4f3db51ea7305a8885633bbc082f1bc4ba55b04e37d093
SSDEEP

98304:0CDhTPYpCmiUcTJYzzQu3Bb+XUBiGfxAOlwgTfpSGQkK0B2mdSvFw:0ATP0if9kE0MUvaswApSa5Ymdd

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Violence YCT.dll

Files

Violence YCT.dll
.dll windows:6 windows x64 arch:x64

e9911a06de7fb61ee2a84b943021dd73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

shell32

ShellExecuteA

msvcp140

?_Throw_Cpp_error@std@@YAXH@Z

wininet

DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy

api-ms-win-crt-runtime-l1-1-0

_cexit

api-ms-win-crt-heap-l1-1-0

malloc

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9911a06de7fb61ee2a84b943021dd73

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

wininet

urlmon

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

wtsapi32

Sections

.text Size: - Virtual size: 5KB

.rdata Size: - Virtual size: 12KB

.data Size: - Virtual size: 472B

.pdata Size: - Virtual size: 672B

.vmp0 Size: - Virtual size: 3.3MB

.vmp1 Size: 5.1MB - Virtual size: 5.1MB

.reloc Size: 512B - Virtual size: 176B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 5KB

.rdata
Size: - Virtual size: 12KB

.data
Size: - Virtual size: 472B

.pdata
Size: - Virtual size: 672B

.vmp0
Size: - Virtual size: 3.3MB

.vmp1
Size: 5.1MB - Virtual size: 5.1MB

.reloc
Size: 512B - Virtual size: 176B

.rsrc
Size: 512B - Virtual size: 469B