Summary | ZeroBOX

V-aim.dll

IcedID VMProtect PE64 PE File DLL
Category FILE
Machine s1_win7_x6401
Started July 19, 2021, 2:50 p.m.
Completed July 19, 2021, 2:50 p.m.
Size 9.5MB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 68d7d6f7f4c22abe217d12cc42be689f
SHA256 30b26f80ad084b294ef805529d030861976835a419ea1d6ce796a1af717dff1c
CRC32 C1FFC71D
ssdeep 196608:+FYa5CCvN0PA6BTPZbGlbVBHdOPgs+KhgmtuXvvccpKGG/r6m0k4HmgV:+j8CmA4PZ0B0WKVuMyKX6m/cmg
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file
  • IsDLL - (no description)
  • IcedID_IN - IcedID

Domains (Name, Response, Post-Analysis Lookup)

No hosts contacted.

IP Addresses (IP Address, Status, Action)

No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .vmp0
section .vmp1
section .vmp1 (virtual_address 0x007ed000, virtual_size 0x00987f38, size_of_data 0x00988000, entropy 7.964646541530603) description A section with a high entropy has been found
entropy 0.99989755148 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
FireEye Generic.mg.68d7d6f7f4c22abe
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
APEX Malicious
Paloalto generic.ml
Sophos ML/PE-A + Mal/VMProtBad-A
McAfee-GW-Edition BehavesLike.Win64.Generic.tc
SentinelOne Static AI - Suspicious PE
Cynet Malicious (score: 100)
McAfee Artemis!68D7D6F7F4C2