Setup_File_1234_Pass[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Setup_File_1234_Pass.rar
Size

7.2MB
MD5

d6c9bc4d022da1753855c8846c643789
SHA1

134ce8e2c6a07d96bdbda6bd55ba4dc13b7ca6c6
SHA256

fe921cf2f70cd58c368557e92bb70a35f04f29f7c770adbafd252278c508947d
SHA512

ca302ceea90f7e404da9557ce8877c67b7f2abb5b3a4f75a2038e48c7d5435c42a953c96f391c4c57d8474b6b1dfde9fc0b841cc3f17afd7b3f3a63f16b417bb
SSDEEP

196608:+4gRYG0KqQ0fn+SqTbd0kxdNLtxoiCXHd:+jGGcQTRxTbNwd

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Setup.exe	vmprotect

Files

Setup_File_1234_Pass.rar
.rar

Password: 1234
Setup.exe
.exe windows x86

Password: 1234

9a1d26a8b16a9dbb94396f19b5a9d4c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
langs/Croatian.ini
langs/Danish.ini
langs/English.ini
langs/Finnish.ini
langs/Hebrew.ini
langs/Hungarian.ini
.ps1
langs/Indonesian.ini
langs/Japanese.ini
langs/Kazakh.ini
langs/Korean.ini
.ps1
langs/Kurdish.ini
langs/Norwegian.ini
langs/SimpChinese.ini
langs/Sinhala.ini
langs/Slovak.ini
langs/Swedish.ini
langs/Thai.ini
langs/TradChinese.ini
langs/Ukrainian.ini
langs/UyghurLatin.ini
langs/Uzbek.ini
langs/Vietnamese.ini

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

9a1d26a8b16a9dbb94396f19b5a9d4c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 209KB

.rdata Size: - Virtual size: 57KB

.data Size: - Virtual size: 84KB

.vmp0 Size: - Virtual size: 3.5MB

.vmp1 Size: 1KB - Virtual size: 1KB

.vmp2 Size: 6.6MB - Virtual size: 6.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 47KB - Virtual size: 264KB

.text
Size: - Virtual size: 209KB

.rdata
Size: - Virtual size: 57KB

.data
Size: - Virtual size: 84KB

.vmp0
Size: - Virtual size: 3.5MB

.vmp1
Size: 1KB - Virtual size: 1KB

.vmp2
Size: 6.6MB - Virtual size: 6.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 47KB - Virtual size: 264KB