69babee20fca03eccf70e8344ff9480d7b1924dd9af275cbb259bcd77646cc09

Sharing

Copy URL

Twitter E-mail

General

Target

69babee20fca03eccf70e8344ff9480d7b1924dd9af275cbb259bcd77646cc09
Size

3.7MB
MD5

fe4677fde367205f2a0aa0fe0bbf2e47
SHA1

a4b1f6d5ecbf72d24170dfbf79cad9c891d72e96
SHA256

69babee20fca03eccf70e8344ff9480d7b1924dd9af275cbb259bcd77646cc09
SHA512

9824b182f154a599eae3740a9e038f63eea92f6830cad0111629d29c27c3d6cc219e18f5cce62604d76d2ebd67a71c2ceee75f0f2cd2ee9ea517286ddc24ef0f
SSDEEP

98304:hGzb2fmuDP3ncy3cYHFVoouevuNA8T6xozVant5:hGzbPurcCEA82p

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/lianxuextbsq_33lc.com/lx_speed 1.5 beta1.exe	vmprotect
static1/unpack001/lianxuextbsq_33lc.com/破解补丁.exe	vmprotect

Files

69babee20fca03eccf70e8344ff9480d7b1924dd9af275cbb259bcd77646cc09
.zip
lianxuextbsq_33lc.com/3837网址导航.url
.url
lianxuextbsq_33lc.com/lx_speed 1.5 beta1.exe
.exe windows x86

c079e305259ce7a2ae4fa87a1e347e99

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

kernel32

GetLocaleInfoA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetLastActivePopup

gdi32

SetViewportOrgEx

winmm

waveOutUnprepareHeader

winspool.drv

DocumentPropertiesA

advapi32

RegSetValueExA

shell32

ShellExecuteA

ole32

OleFlushClipboard

oleaut32

LoadTypeLi

comctl32

ord17

oledlg

ord8

ws2_32

ioctlsocket

wininet

InternetReadFile

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 901KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lianxuextbsq_33lc.com/下载必看.txt
lianxuextbsq_33lc.com/使用说明.txt
lianxuextbsq_33lc.com/破解补丁.exe
.exe windows x86

1fb1bae1f76a967a8781ae4e29ff5c77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutPrepareHeader

ws2_32

recvfrom

kernel32

GetVersionExA
GetVersion
LocalReAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DrawEdge

gdi32

PathToRegion

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyExA

shell32

DragAcceptFiles

ole32

OleInitialize

oleaut32

RegisterTypeLi

comctl32

ImageList_GetIcon

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 981KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lianxuextbsq_33lc.com/绿茶软件园.url
.url

Sharing

General

Malware Config

Signatures

Files

c079e305259ce7a2ae4fa87a1e347e99

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

wininet

comdlg32

Sections

.text Size: - Virtual size: 520KB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 219KB

.vmp0 Size: - Virtual size: 901KB

.vmp1 Size: 2.2MB - Virtual size: 2.2MB

.rsrc Size: 8KB - Virtual size: 5KB

1fb1bae1f76a967a8781ae4e29ff5c77

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Sections

.text Size: - Virtual size: 583KB

.rdata Size: - Virtual size: 248KB

.data Size: - Virtual size: 260KB

.vmp0 Size: - Virtual size: 981KB

.vmp1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: - Virtual size: 520KB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 219KB

.vmp0
Size: - Virtual size: 901KB

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: - Virtual size: 583KB

.rdata
Size: - Virtual size: 248KB

.data
Size: - Virtual size: 260KB

.vmp0
Size: - Virtual size: 981KB

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 20KB - Virtual size: 18KB