ac9b8d47a2237577680d04c43c1a7f2d4eac6efa9de961e8e4b0c12f0e0539ec

Sharing

Copy URL

Twitter E-mail

General

Target

ac9b8d47a2237577680d04c43c1a7f2d4eac6efa9de961e8e4b0c12f0e0539ec
Size

2.6MB
MD5

c606d0d7c26fac5255d0b93a88f5643b
SHA1

cffad081d8ea18a82c67c163246323e238c3a338
SHA256

ac9b8d47a2237577680d04c43c1a7f2d4eac6efa9de961e8e4b0c12f0e0539ec
SHA512

e2ec36138216ef5d617e7de499ffd383ee4817be6d219ab5cd1e291f47b972b0e34badbbd0fb789000dbf996b652fe72414fbaa49a176d2e2c073e128fea06c1
SSDEEP

49152:/vH1wcRsxG97P1rH1QWpzZ27arV2KwoL6UVqi2ppBW8zofm8jTESylX:3Scex0uWpzZ27aQKwoLhVqjpBW8OSx

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/HaloSpartanAssault+6Tr-LNG_v1.0/HaloSpartanAssault+6Tr-LNG_v1.0.exe	vmprotect

Files

ac9b8d47a2237577680d04c43c1a7f2d4eac6efa9de961e8e4b0c12f0e0539ec
.rar
HaloSpartanAssault+6Tr-LNG_v1.0/HaloSpartanAssault+6Tr-LNG_v1.0 - I.N.F.O.txt
HaloSpartanAssault+6Tr-LNG_v1.0/HaloSpartanAssault+6Tr-LNG_v1.0.exe
.exe windows x86

9ab85821cad4c9623a73ed2f769d4ce9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord617

kernel32

CreateToolhelp32Snapshot
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

winmm

waveOutGetPosition

user32

MessageBoxW

Exports

Exports

3�e�Fјz4S̘�/�`!��gr+��W<qM�'�)\��?�鼙e��ݽ�)�3rx��NH�un[�Tp�(�1��1CQ��݀�%�L�� A�k��ⅅ��ڣ��Q�n%w=?U,á��mX��f4�� WO��Ds�6�⯭�=��6 �<��j<1�1N��㦼�(�קM��_#+RȒ��|��*��MRbN'�ˣ��f�5$b<?)%y�|z��C�VĒD(�k��%�tU��3��G3hL��'c�N�� [�j�pB�]]f�X�RC�� ʸ>_��؎�sw&Gd��%�cN�[��134�J��d�Љ9��tH}�հ�p��P��`�j��[%l@u�ò,A��:pW�>8�}s6��P��_��b�n#E�a P 0�7HY�;�Yo�y�N��H� �=�MÃ�0uߗ(��:M�7�� vf�)� �H�� 2I�,Qb�>��J-�yLj_��g��W��q��B��t ��=ۃb9mƠ%��<_K3w��N��8��Ʃ��l��Җ��Qg��X��ǝ��\�X�ZX�.��|��tX[O�Hqy�uL�Į�@Ĵ��]�_{� �ә'��B��T�;�7�4C{Q.��nbCDd�E�A\�[ʿ��c�ţh�X��WE)��F��L�g,��`��I5<q�5?��?��z9��c'h�7I�Wv��C��VC��?�� T��.��ٛ��-��/�t�,��Bwr�G�8r�R�*�x�)�vz��u��{ ��c��$S�!�O9�T��4�4.��ѓC߃'�w��[c�7J�=��K��H��ƕ8"gI��%,f<C�@d~��`�k�o�ٻf0��P��R%�U��H�?�Dj��b��g��o>��B��(�)l��Oo��A?��+v)1ȋ��*�g�U� ] 1��|k��o. r@A�4!�e(�KOG� b'J��h�;�� -�2�*p��'�/Y�%rD?� ó�rm�k�v�"�� :6��Zi��Ԗ�2H�p6�W/��L(�-��N�2�+>��A�E�=���R��r�%g!j��X����V�+d��e�4��;��RFP�P$�1�i��V��]� ^VH��^�� >��{�w�X��\�6�UB��l��o��:V�b�}�mSoQE��'a�/�-��(ne]�{��"�`��g٬fvr=5�p�,��9��p��k��:�0c^��!�{Ĺ�r%g��l�)^"��{T��\��;��D�O��?2xs��WZ��OB�rxT:|��o��}d�Sb�݀ S��\��K�b��]��%�hIW��E��#,>o�XO��8��298˛#��eIC){Ȁ��i[�U�N[��+հ�ŪXAs��ʫ|��T��ׁ�<��4��pq�_�5�dc��\��g)U��.o�l��ź{Sz��ֆCt�[�P� �m^ b^e�'��td�b��B�ܓI�� @Ƕ>��0%ե��9_<"�d��~a�g�\��R^a�i��;��HG!�^��Ԭy�� I0�|�`�8�/?Э�)m��{�RP��XҶ9Uc�1"��kAg�Ӿ�Ǿ� ��e^��>KD�a�Hh��?0ze/�&�b��y#&��-p�91��K7N��nEʹҎ��R�?o��k��L?9K�f��Z��{K��sS��1~�Q��Le_�qf7J'h��-�K��̼Ls��C�d��G��Kխt��SY\��^��>,O��c�>��C�$ ��^�<�A�&H�k�l�ʼ')^�A��4��*WƟ��t�0��D��a�}<j�7*H��?�R��?��5��a� �n��.>��R��:�jq�ǡ��H ��!��\�_K-N��-x�j��D�a��_�`](��1��X�te��s��z��0�$5��c��`�i`u(�Yb��V�\��y ��$��}YkŶ�" J=Wh�n�F��2w*��h�#��]&J�ץ�ʔ��J�a8�9��c�9ۂ��#�ϊ'֏�ߺD�2��񷝆-��f�X��4J�K� AE+c-��Ӂ��raY�$-P�)5�U@��$� �ug�(��2ut�>�O~s-Fݶ��8�8k�O�ƶt��X.�"�� <�ꎌ�8,�?� S�R��R��(GAAE,��2�N�N�,B��=(4�0W�'�y�}�<�Ұz��N��E��s��-G�m��.�Q?ܽ;-rN��x��@&�߂�&#_��{#X��ߠ�ʽ�c~�vQ��uӡQ��s� ӉFX��a��@��=υ��^H"��\��rNeDX~��W:E��md&�� H{`�x��p:�w��l�z\��I��Q�6z%�ڧ1�n��ڶJp��?��ڜ�T>�� PD�F&�:��L�߀� ��<��{bפ�~^ˠ��=2df�[6��(xs�*��$��Gw��e�^VzoZ�&?��-��;�LB��񸎪i��]�F�ZN!1��C)K&��3~�ޟ ��#_0��R�lo�Ȩ)�;��(��H�֐-(�:�ƨ��dQ�`��pn�Q`ǐ��lїN�W�X範M݊��P�Zh&�h�>ܤ�h� �K^��H>�F�xZ W+�t��3�XP��p�W*G��<9��]H�95�z��/L��93__�@��S��p��N��v�ש|��DǴLq��W�=��H��T��|j��,�z��uy �y��0D��΄y2�tM-��2n�A��t�

Sections

.text
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HaloSpartanAssault+6Tr-LNG_v1.0/VERY IMPORTANT!.txt

Sharing

General

Malware Config

Signatures

Files

9ab85821cad4c9623a73ed2f769d4ce9

Headers

File Characteristics

Imports

msvbvm60

kernel32

winmm

user32

Exports

Exports

Sections

.text Size: - Virtual size: 1.9MB

.data Size: - Virtual size: 80KB

.vmp0 Size: - Virtual size: 2.6MB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 2.6MB - Virtual size: 2.6MB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: - Virtual size: 1.9MB

.data
Size: - Virtual size: 80KB

.vmp0
Size: - Virtual size: 2.6MB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

.rsrc
Size: 23KB - Virtual size: 23KB