2998d2e3e25c27ce0d31a898fc839e520a4ff22c0d23d10be8d0130e42800726

Sharing

Copy URL

Twitter E-mail

General

Target

2998d2e3e25c27ce0d31a898fc839e520a4ff22c0d23d10be8d0130e42800726
Size

1.3MB
MD5

62f2f6d8a51118aa6b06fc406b069d7e
SHA1

aa99d803206ce267d3db41e7838ed46de8fd1daf
SHA256

2998d2e3e25c27ce0d31a898fc839e520a4ff22c0d23d10be8d0130e42800726
SHA512

fddfd1dd71eece37d9ac779740d76c211a0bb812daf17dcccbb9732bf778a16345495f63889682985db675ed91f5cf0ba252411b7b61c4c91f1cb8e571d4de15
SSDEEP

24576:/Oc6YV/PRf87X2AocTRwyqeL/tyA5tYQ0uVUbMa2YS5TmEZBtGW:mcXVRf89ocTRwy3tF5tVVIMWx0oW

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/会员终结者3.8.exe	vmprotect

Files

2998d2e3e25c27ce0d31a898fc839e520a4ff22c0d23d10be8d0130e42800726
.rar
jb51.net.txt
会员终结者3.8.exe
.exe windows x86

96625d6422e1ef705d6e925132bb73ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

winmm

waveOutOpen

ws2_32

recv

rasapi32

RasHangUpA

kernel32

InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowTextA

gdi32

PatBlt

winspool.drv

DocumentPropertiesA

comdlg32

GetOpenFileNameA

advapi32

RegCreateKeyA

shell32

Shell_NotifyIconA

ole32

CoRegisterMessageFilter

oleaut32

RegisterTypeLi

comctl32

_TrackMouseEvent

oledlg

ord8

wininet

InternetConnectA

Sections

.text
Size: - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 833KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 845KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
去脚本之家看看.url
.url
服务器软件.url
.url

Sharing

General

Malware Config

Signatures

Files

96625d6422e1ef705d6e925132bb73ce

Headers

File Characteristics

Imports

msvfw32

avifil32

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

Sections

.text Size: - Virtual size: 562KB

.rdata Size: - Virtual size: 833KB

.data Size: - Virtual size: 379KB

.vmp0 Size: - Virtual size: 845KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 100KB - Virtual size: 99KB

.text
Size: - Virtual size: 562KB

.rdata
Size: - Virtual size: 833KB

.data
Size: - Virtual size: 379KB

.vmp0
Size: - Virtual size: 845KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 100KB - Virtual size: 99KB