6f5e5955cf5ad1475b1c284f499a3fb6f76f841048686498cfa6ae673789ff04

Sharing

Copy URL

Twitter E-mail

General

Target

6f5e5955cf5ad1475b1c284f499a3fb6f76f841048686498cfa6ae673789ff04
Size

405KB
MD5

d8b94a13c07ed2ecc4963eb03978ef38
SHA1

fa7d0bb1491812d597b7935a3b04f56528a225ed
SHA256

6f5e5955cf5ad1475b1c284f499a3fb6f76f841048686498cfa6ae673789ff04
SHA512

9dd828f4d08359577c518837e7d3ee06e26dd746e8e426bbd24bec4e8dff3e79e643c58b1ed51af09b07cddd1b07bbae5823c523e4bb96f4698bb7488a87873c
SSDEEP

12288:hO+JPhnzHz1Uolrlya4lj81mC4IDoBaopflRSLj:04P5z1prCakaonROj

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/Imagem digital Cheque Retorno 791212-2015.cpl	vmprotect

Files

6f5e5955cf5ad1475b1c284f499a3fb6f76f841048686498cfa6ae673789ff04
.zip
Imagem digital Cheque Retorno 791212-2015.cpl
.dll windows x86

fa6f91ecacb2b29963f906bcce3d4ea5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersion
GetVersionExA
GetVersion
LocalFree
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetPropA

advapi32

RegOpenKeyExA

oleaut32

VariantChangeType

version

GetFileVersionInfoA

gdi32

GetPixel

comctl32

ImageList_Destroy

Exports

Exports

CPlApplet

Sections

CODE
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa6f91ecacb2b29963f906bcce3d4ea5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

comctl32

Exports

Exports

Sections

CODE Size: - Virtual size: 416KB

DATA Size: - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: - Virtual size: 8KB

.edata Size: - Virtual size: 73B

.vmp0 Size: - Virtual size: 64KB

.vmp1 Size: 422KB - Virtual size: 421KB

.reloc Size: 512B - Virtual size: 184B

.rsrc Size: 8KB - Virtual size: 41KB

CODE
Size: - Virtual size: 416KB

DATA
Size: - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: - Virtual size: 8KB

.edata
Size: - Virtual size: 73B

.vmp0
Size: - Virtual size: 64KB

.vmp1
Size: 422KB - Virtual size: 421KB

.reloc
Size: 512B - Virtual size: 184B

.rsrc
Size: 8KB - Virtual size: 41KB