Summary | ZeroBOX

CompPkgSup_.dll

VMProtect Malicious Library PE64 PE File DLL
Category FILE
Machine s1_win7_x6401
Started Oct. 14, 2024, 10:35 a.m.
Completed Oct. 14, 2024, 10:35 a.m.
Size 5.3MB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 5a64f8b68c232aa482411d1638011b6b
SHA256 2fb59f7698a1ec5f801292ec4c63dcdf256b96d0a199eb7acd014dd8f7c6dad0
CRC32 3BB4A61C
ssdeep 98304:4aHpWI0k8jKXTXvpDMoeaJCFR9sraDAuuY94onZJO1BS16NHG:aI38jM9ARKraDGY1nDOOqHG
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .00cfg
section .fptable
section .retplne
section _RDATA
section .vmp0
section .vmp1
section .vmp1 (virtual_address 0x0067e000, virtual_size 0x00550b88, size_of_data 0x00550c00) entropy 7.90692264834 description A section with a high entropy has been found
entropy 0.999908147332 description Overall entropy of this PE file is high
section .vmp0 description Section name indicates VMProtect
section .vmp1 description Section name indicates VMProtect
Bkav W64.AIDetectMalware
Cylance Unsafe
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/GenCBL.BUN
McAfeeD ti!2FB59F7698A1
Trapmine malicious.moderate.ml.score
Sophos Generic Reputation PUA (PUA)
Ikarus Trojan.Win32.Generic
Google Detected
Antiy-AVL GrayWare/Win32.Wacapew
Microsoft Program:Win32/Wacapew.C!ml
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.1701313370
Fortinet W32/GenCBL.BUN!tr