7ca171cf811911941a43a49541939faac676912c2761a7f0756a0d5b9caa18f6

Sharing

Copy URL

Twitter E-mail

General

Target

7ca171cf811911941a43a49541939faac676912c2761a7f0756a0d5b9caa18f6
Size

1.5MB
MD5

1bf8c726b024b5f71f49ce6e25e14596
SHA1

d68326c8431956fa6e615ecd9cf9f9a689a8c89a
SHA256

7ca171cf811911941a43a49541939faac676912c2761a7f0756a0d5b9caa18f6
SHA512

f1c6ab821c9c6f1aa36a8f3f8b16274b71419ac4a823dfddf565f95205dbd92f686dabe421634f71d1975a3353d91cd54fe026297483aaf4ec963f018071d368
SSDEEP

49152:l9h1eqv81/AhSPVRWcSnAJ3P04NIZVdGf:XPvv81/AhSPVRXsCP0mIndGf

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/QQ空间全能王/QQ空间全能王v2.0.1.3 [正式版].exe	vmprotect

Files

7ca171cf811911941a43a49541939faac676912c2761a7f0756a0d5b9caa18f6
.rar
QQ空间全能王/QQ空间全能王v2.0.1.3 [正式版].exe
.exe windows x86

079fac1c99a6d98dc1daf7b3790fa40e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

winmm

midiStreamOpen

ws2_32

ioctlsocket

kernel32

CloseHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

WinHelpA

gdi32

GetDeviceCaps

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

SysAllocStringLen

comctl32

ImageList_Read

oledlg

ord8

wininet

HttpQueryInfoA

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 915KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 833KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
使用说明.url
.url
软件E线下载.url
.url

Sharing

General

Malware Config

Signatures

Files

079fac1c99a6d98dc1daf7b3790fa40e

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 915KB

.rdata Size: - Virtual size: 616KB

.data Size: - Virtual size: 369KB

.vmp0 Size: - Virtual size: 833KB

.vmp1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 36KB - Virtual size: 33KB

.text
Size: - Virtual size: 915KB

.rdata
Size: - Virtual size: 616KB

.data
Size: - Virtual size: 369KB

.vmp0
Size: - Virtual size: 833KB

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 36KB - Virtual size: 33KB