@VpnToastedIcon[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

@VpnToastedIcon.dll
Size

7.7MB
MD5

b63c2c76f0eb281cb4e7a5aab17710e8
SHA1

b84de37c860512315de13cd57e2565bc3744dd24
SHA256

2cb05f654c315cd9204cd8cb30ad9d65bda2a4ac77977d180d89b0b018a1e0fa
SHA512

7b77a001715dd5f16687474b7b2869cafcf35f655b88afb0a25ca6a96bcf30b28695459768bc418c0e89c3434294f4909cc3d235bbee022020202d26c0de4ed4
SSDEEP

196608:sZSmPhJw9iYgYaRKnUweWuBxwZi4FMxAQJEUf:T2E0SaMnUPWi34iJ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
@VpnToastedIcon.dll

Files

@VpnToastedIcon.dll
.dll windows:6 windows x64 arch:x64

d1df7f7d8e678a56536ddc35e97c906a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

jvm

JNI_GetCreatedJavaVMs

kernel32

FlushInstructionCache
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetClientRect
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

opengl32

glShadeModel

msvcp140

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

normaliz

IdnToAscii

ws2_32

getsockopt

wldap32

ord200

crypt32

CryptDecodeObjectEx

imm32

ImmSetCompositionWindow

xinput1_4

ord2

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strchr

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

_errno

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-time-l1-1-0

_gmtime64

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-stdio-l1-1-0

_close

api-ms-win-crt-string-l1-1-0

strpbrk

api-ms-win-crt-filesystem-l1-1-0

_stat64

api-ms-win-crt-math-l1-1-0

sin

advapi32

CryptEncrypt

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 833KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1df7f7d8e678a56536ddc35e97c906a

Headers

DLL Characteristics

File Characteristics

Imports

jvm

kernel32

user32

opengl32

msvcp140

normaliz

ws2_32

wldap32

crypt32

imm32

xinput1_4

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

advapi32

wtsapi32

Sections

.text Size: - Virtual size: 833KB

.rdata Size: - Virtual size: 155KB

.data Size: - Virtual size: 6KB

.pdata Size: - Virtual size: 39KB

.vmp0 Size: - Virtual size: 5.3MB

.vmp1 Size: 7.7MB - Virtual size: 7.7MB

.reloc Size: 512B - Virtual size: 236B

.rsrc Size: 512B - Virtual size: 233B

.text
Size: - Virtual size: 833KB

.rdata
Size: - Virtual size: 155KB

.data
Size: - Virtual size: 6KB

.pdata
Size: - Virtual size: 39KB

.vmp0
Size: - Virtual size: 5.3MB

.vmp1
Size: 7.7MB - Virtual size: 7.7MB

.reloc
Size: 512B - Virtual size: 236B

.rsrc
Size: 512B - Virtual size: 233B