buer | 5f60751a506b400646e13f80d293079a5d77c2676032c71facab6430d58b38bc

General

Target

5f60751a506b400646e13f80d293079a5d77c2676032c71facab6430d58b38bc
Size

1.1MB
MD5

b3b79bc8884a27aff232672d8585158f
SHA1

72708636bee5f94c4ebd4a4847493e812dbb9008
SHA256

5f60751a506b400646e13f80d293079a5d77c2676032c71facab6430d58b38bc
SHA512

ff2ee0f7c66ceb0409b622f95c8e38d1a7532e3d34cfd652bdd160f619537ff0544ccd0ee8ccc7cc61f5aaf5fd96ad94947e1b6a8c469969782d78c31d0cf4dc
SSDEEP

24576:hEi4GSDmUjJFTGMksouQvBgbG+NR1gF+gF:u1jJVR0sdy2bRt

Score

10^/10

loader vmprotect buer

Malware Config

Extracted

Family

buer

Signatures

Buer Loader 1 IoCs

Detects Buer loader in memory or disk.

loader

resource	yara_rule
sample	buer

Buer family
buer

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

5f60751a506b400646e13f80d293079a5d77c2676032c71facab6430d58b38bc
.exe windows x86

b00be9f6341d8c1d81c3079cc8903a58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

strncmp

kernel32

VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 954KB - Virtual size: 953KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

b00be9f6341d8c1d81c3079cc8903a58

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

Sections

.text Size: - Virtual size: 24KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 6KB

.vmp0 Size: - Virtual size: 661KB

.vmp1 Size: 954KB - Virtual size: 953KB

.reloc Size: 512B - Virtual size: 132B

.rsrc Size: 193KB - Virtual size: 192KB

.text
Size: - Virtual size: 24KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 6KB

.vmp0
Size: - Virtual size: 661KB

.vmp1
Size: 954KB - Virtual size: 953KB

.reloc
Size: 512B - Virtual size: 132B

.rsrc
Size: 193KB - Virtual size: 192KB