32c25f32973977f55948bcd9896964b98a948ff4a9af600fd0a3cb280993e307

Sharing

Copy URL

Twitter E-mail

General

Target

32c25f32973977f55948bcd9896964b98a948ff4a9af600fd0a3cb280993e307
Size

1.2MB
MD5

cfd0e9e4015c96fed70acf25be8d06a9
SHA1

d2f25c364248ba9c4b342ad3417d1ee27c0ec177
SHA256

32c25f32973977f55948bcd9896964b98a948ff4a9af600fd0a3cb280993e307
SHA512

c8215e6dc8de1f8602758a95ae1351cb3d3c54a5d1632664ddb53a8918a6e5191854fd85a7085d43d3d81c8b06f17439ca91e5d1b0ffbfcaef7db827787728bf
SSDEEP

24576:dURcqxQHvxXvKHEVVoAftlYl3J62x7JUi7CbkSk4dlVtefEoY1j+p0IqqU:scwQHvQHEkAzgJ62x77CoSk4dgfE1U0v

Score

8^/10

vmprotect themida

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/六六辅助免费版1.0/Jsy66.dll	vmprotect

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/六六辅助免费版1.0/六六辅助.exe	themida

Files

32c25f32973977f55948bcd9896964b98a948ff4a9af600fd0a3cb280993e307
.rar
六六辅助免费版1.0/Jsy66.dll
.dll windows x86

653d34f516d7a6952ebc50a906f0e7e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord2725
ord6215
ord2086
ord823
ord6467
ord641
ord790
ord656
ord616
ord6502
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord2587
ord6055
ord4078
ord1776
ord4406
ord5241
ord2385
ord5163
ord5199
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3394
ord4627
ord3729
ord567
ord324
ord804
ord2302
ord4234
ord4299
ord3092
ord6785
ord4710
ord2411
ord2023
ord4218
ord2578
ord4398
ord3402
ord3582
ord2362
ord2301
ord540
ord800
ord2642
ord2915
ord3097
ord6334
ord3716
ord2366
ord6111
ord3610
ord6740
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord6374
ord4274
ord1255
ord1578
ord600
ord826
ord269

msvcrt

strncmp
__CxxFrameHandler
_ftol
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
_itoa

kernel32

LocalFree
GetWindowsDirectoryA
GetVolumeInformationA
VirtualProtect
ExitProcess
GetModuleHandleA
GetProcAddress
LocalAlloc

user32

CallNextHookEx
SetWindowsHookExA
GetWindowThreadProcessId
SendMessageA
EnableWindow
MessageBoxA
KillTimer
GetKeyState
SetWindowsHookA
SetTimer

Exports

Exports

SetHook

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
六六辅助免费版1.0/传奇加速器_小贴士辅助[双挂开法]_66辅助_轻中变战调法 -原创视频在线观看视频下载-56网视频.url
.url
六六辅助免费版1.0/六六辅助.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.1MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
六六辅助免费版1.0/注意事项.txt

Sharing

General

Malware Config

Signatures

Files

653d34f516d7a6952ebc50a906f0e7e2

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 18KB

.Shared Size: 4KB - Virtual size: 64B

.rsrc Size: 8KB - Virtual size: 8KB

.vmp0 Size: 8KB - Virtual size: 4KB

.vmp1 Size: 88KB - Virtual size: 86KB

.reloc Size: 8KB - Virtual size: 4KB

Headers

File Characteristics

Sections

Size: 4KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 6KB

.vmp0 Size: 40KB - Virtual size: 39KB

.idata Size: 4KB - Virtual size: 4KB

Themida Size: 1.1MB - Virtual size: 2.3MB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 18KB

.Shared
Size: 4KB - Virtual size: 64B

.rsrc
Size: 8KB - Virtual size: 8KB

.vmp0
Size: 8KB - Virtual size: 4KB

.vmp1
Size: 88KB - Virtual size: 86KB

.reloc
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 6KB

.vmp0
Size: 40KB - Virtual size: 39KB

.idata
Size: 4KB - Virtual size: 4KB

Themida
Size: 1.1MB - Virtual size: 2.3MB