26f4774c7677d5fe83cb7da5c218a18b2aaee0bfbcbf4d51fc3b9a8fdffb88d5

Sharing

Copy URL Twitter E-mail

General

Target

26f4774c7677d5fe83cb7da5c218a18b2aaee0bfbcbf4d51fc3b9a8fdffb88d5
Size

346KB
MD5

ed8c498b4b19448c814bdcc85af00c01
SHA1

a48a23176b8762076954f1ab73f28f9d60526ab4
SHA256

26f4774c7677d5fe83cb7da5c218a18b2aaee0bfbcbf4d51fc3b9a8fdffb88d5
SHA512

8b6b0c50caf2986d14f8641e9529cec6f43953c46838af2f02c4a89ada45cbfc0b1fbdc48ecd06fc15b4121b5862001bf02a0a0b0505423cda08296fdb3b0b89
SSDEEP

6144:GLggE7YOdPcYyaIFJXtX5/leeqLjR3ysVppDwIpgfGvtoGEK0OzE+Tp5DQQE9:MggED9byXJVTqXRhpCIp6GvaGEK0OBl8

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/QQWG.exe	vmprotect

Files

26f4774c7677d5fe83cb7da5c218a18b2aaee0bfbcbf4d51fc3b9a8fdffb88d5
.rar
1.vbs
.vbs
QQWG.exe
.exe windows x86

eaf1480919b7ed8bd1ccf1ea3c7be57f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine

kernel32

LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQkj.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 152KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rsrr
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sound/T_c.wav
sound/T_s.wav

Sharing

General

Malware Config

Signatures

Files

eaf1480919b7ed8bd1ccf1ea3c7be57f

Headers

File Characteristics

Imports

msvbvm60

kernel32

user32

Sections

.text Size: - Virtual size: 16KB

.data Size: - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 5KB

.vmp0 Size: - Virtual size: 16KB

.vmp1 Size: 44KB - Virtual size: 43KB

.reloc Size: 4KB - Virtual size: 104B

Headers

File Characteristics

Sections

.text Size: 152KB - Virtual size: 544KB

.data Size: - Virtual size: 48KB

.rsrc Size: 408KB - Virtual size: 408KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

rsrr Size: 2KB - Virtual size: 8KB

.text
Size: - Virtual size: 16KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 5KB

.vmp0
Size: - Virtual size: 16KB

.vmp1
Size: 44KB - Virtual size: 43KB

.reloc
Size: 4KB - Virtual size: 104B

.text
Size: 152KB - Virtual size: 544KB

.data
Size: - Virtual size: 48KB

.rsrc
Size: 408KB - Virtual size: 408KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

rsrr
Size: 2KB - Virtual size: 8KB