3595e88a5c347cc73f3bc9839593594062c97cc1f9b90eb0a428c9176b1c103b

General

Target

3595e88a5c347cc73f3bc9839593594062c97cc1f9b90eb0a428c9176b1c103b
Size

5.4MB
MD5

22a473853ba02919b75085e31f94fc6a
SHA1

f055712cd9bc78a4077494020fb9c7ef44d95303
SHA256

3595e88a5c347cc73f3bc9839593594062c97cc1f9b90eb0a428c9176b1c103b
SHA512

375ac55931ae10557d8fa55e9eb146ab2c9b2d585bc1830072f967b4840d684204b3762556d7c51bde5e87379ae9adef0309b9082fd3be7b6a81f2947f8eea28
SSDEEP

98304:yCKnERP5PYfmqkNc5AMGuG/4NGBpv/+XWV6PsX35iYd1T+kxDFcQHTDZWIKLxmHO:tKYhemqkNaNGuG0GPv2XWV6PsX35iE10

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/倚天8代4u.exe	vmprotect

Files

3595e88a5c347cc73f3bc9839593594062c97cc1f9b90eb0a428c9176b1c103b
.rar
倚天8代4u.exe
.exe windows x64

4392f67b7daf185a12509fa625efba9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExW
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 932KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4392f67b7daf185a12509fa625efba9b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wtsapi32

user32

Sections

.text Size: - Virtual size: 932KB

.rdata Size: - Virtual size: 185KB

.data Size: - Virtual size: 5.1MB

.pdata Size: - Virtual size: 30KB

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 512B - Virtual size: 224B

.rsrc Size: 265KB - Virtual size: 265KB

.text
Size: - Virtual size: 932KB

.rdata
Size: - Virtual size: 185KB

.data
Size: - Virtual size: 5.1MB

.pdata
Size: - Virtual size: 30KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 512B - Virtual size: 224B

.rsrc
Size: 265KB - Virtual size: 265KB