cd7456aa12b571dc9b435f57551d0c9ae09dba25f459f63bb9263cf0a7144206

Sharing

Copy URL

Twitter E-mail

General

Target

cd7456aa12b571dc9b435f57551d0c9ae09dba25f459f63bb9263cf0a7144206
Size

782KB
MD5

004cc096590b47c1b5f2f3f0bce3630c
SHA1

b3902a923fd6ac8158ebd9df08317d91ebffead6
SHA256

cd7456aa12b571dc9b435f57551d0c9ae09dba25f459f63bb9263cf0a7144206
SHA512

7855375e5fd4ac08b587c1ce402c8c44e477f511bfae4d3b06022bf96ea5d4309365627721e045edeb06f9abcb39413bd989a9a68e1d69a79e4117e5e94ffc8b
SSDEEP

24576:B3uk+CGTrKGYvPFhxtHHYy1usPQZvDOnt3xWRXBp+:B+zCGTrKLfxtnYEfP6vE94RXBc

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/Comentario Facebook.cpl	vmprotect

Files

cd7456aa12b571dc9b435f57551d0c9ae09dba25f459f63bb9263cf0a7144206
.zip
Comentario Facebook.cpl
.dll windows x86

8d795d9ebbe0ca986d20611c97728814

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersion
GetVersionExA
GetVersion
GetTempFileNameA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ShowCursor

advapi32

RegOpenKeyExA

oleaut32

SafeArrayPtrOfIndex

version

VerQueryValueA

gdi32

Rectangle

ole32

CoUninitialize

wininet

InternetOpenA

shfolder

SHGetFolderPathA

comctl32

ImageList_EndDrag

Exports

Exports

CPlApplet

Sections

CODE
Size: - Virtual size: 615KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 811KB - Virtual size: 810KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d795d9ebbe0ca986d20611c97728814

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

wininet

shfolder

comctl32

Exports

Exports

Sections

CODE Size: - Virtual size: 615KB

DATA Size: - Virtual size: 34KB

BSS Size: - Virtual size: 5KB

.idata Size: - Virtual size: 10KB

.edata Size: - Virtual size: 74B

.vmp0 Size: - Virtual size: 325KB

.vmp1 Size: 811KB - Virtual size: 810KB

.reloc Size: 512B - Virtual size: 320B

.rsrc Size: 5KB - Virtual size: 34KB

CODE
Size: - Virtual size: 615KB

DATA
Size: - Virtual size: 34KB

BSS
Size: - Virtual size: 5KB

.idata
Size: - Virtual size: 10KB

.edata
Size: - Virtual size: 74B

.vmp0
Size: - Virtual size: 325KB

.vmp1
Size: 811KB - Virtual size: 810KB

.reloc
Size: 512B - Virtual size: 320B

.rsrc
Size: 5KB - Virtual size: 34KB