edada1b4d3393aab4ea96ad495817d12[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

edada1b4d3393aab4ea96ad495817d12.dll
Size

5.2MB
MD5

edada1b4d3393aab4ea96ad495817d12
SHA1

e34b3f56c941eeb37ab01110ab4f96d748808ac3
SHA256

089809e73354648b3caed7db6bc24dcce4f2ef0f327206fd14f36c6619d9ed30
SHA512

076558c2f02b050dd086b290290a54fc30fa989b6d5ee23edbf4f88dacc4a4f427b6b74edea4d3aacd8bdee51f53f55f13d18f27fde6c48bd4e0ff0e8be6c140
SSDEEP

98304:qutq1FWGW63povdQM/uAP0cfbPYKzDlRhQ/kxyZCXqj0xInUFeO3J:jq1wGt3idQdAcuHHlRWkMmgmInUFe

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edada1b4d3393aab4ea96ad495817d12.dll

Files

edada1b4d3393aab4ea96ad495817d12.dll
.dll windows:5 windows x86 arch:x86

dc4269f9e48f114df0135f4ccd823328

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ