Pass_1234_Setup[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Pass_1234_Setup.rar
Size

5.7MB
MD5

ad68d52dd948f29581087728a9cc86b2
SHA1

fd396cb64a35328d3e46d41de06a3cc6bb205e66
SHA256

de7b2ec7660dfa55841ae4d8ea48a85228872d46d89bb4d0b60b6503aaf18304
SHA512

6b9c246ac7562eedb42c3dbc540cb329f3832896142ca8f484ce71977cd2b6051cc3baf8f116eccefcf484d3a751d0f16a4a06d92f3885ecf0933b1ba46f37a3
SSDEEP

98304:Avb4iwXbbqk6eeSO9z86+GK/UGWR1STN5ntPzhlMh7/3SzLeqNaRHMVBdnq3A0r7:fJESFPQR1IN59iLCNNOMlKSyh

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/Setup.exe	vmprotect

Files

Pass_1234_Setup.rar
.rar

Password: 1234
Setup.exe
.exe windows x86

Password: 1234

f388431c4236c7d3533d88c7e0870384

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

ShellExecuteA

Sections

.text
Size: - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

≚≛��
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

≚≛��
Size: - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
langs/Croatian.ini
langs/Danish.ini
langs/English.ini
langs/Finnish.ini
langs/Hebrew.ini
langs/Hungarian.ini
.ps1
langs/Indonesian.ini
langs/Japanese.ini
langs/Kazakh.ini
langs/Korean.ini
.ps1
langs/Kurdish.ini
langs/Norwegian.ini
langs/SimpChinese.ini
langs/Sinhala.ini
langs/Slovak.ini
langs/Swedish.ini
langs/Thai.ini
langs/TradChinese.ini
langs/Ukrainian.ini
langs/UyghurLatin.ini
langs/Uzbek.ini
langs/Vietnamese.ini

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

f388431c4236c7d3533d88c7e0870384

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: - Virtual size: 202KB

.rdata Size: - Virtual size: 56KB

.data Size: - Virtual size: 84KB

≚≛�� Size: - Virtual size: 540KB

≚≛�� Size: - Virtual size: 543KB

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 1024B - Virtual size: 760B

.vmp2 Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 6KB - Virtual size: 510KB

.text
Size: - Virtual size: 202KB

.rdata
Size: - Virtual size: 56KB

.data
Size: - Virtual size: 84KB

≚≛��
Size: - Virtual size: 540KB

≚≛��
Size: - Virtual size: 543KB

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 1024B - Virtual size: 760B

.vmp2
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 6KB - Virtual size: 510KB