4b9dd537d7ec7ca64f866b4467c8f5bbf75938fea19047144f111dfddbb53a66

Sharing

Copy URL

Twitter E-mail

General

Target

4b9dd537d7ec7ca64f866b4467c8f5bbf75938fea19047144f111dfddbb53a66
Size

4.2MB
MD5

a1eb5c19addcdb44ed88f4cd7ce9c547
SHA1

e70a4a83df0b36d3a5e7d6b64a8a37cd5e26de92
SHA256

4b9dd537d7ec7ca64f866b4467c8f5bbf75938fea19047144f111dfddbb53a66
SHA512

24f24143c45bc9d51dc95e64e6166e4ab73aba7b05f3e5e5f15253a40d82471015e1dcd33d1960cd3754ff2e4d303fb8fc0c7bd1782f75f47167305e5f1ea1a8
SSDEEP

98304:sOttY/gBBQ2uGvu4Al8NnBE3BGeHLmY398/PsVs1ooLp463f8m:sOP8go2upDAK3MVa9lVsooLS6v/

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/镇魂勇士的信仰辅助二代V1 0/镇魂勇士的信仰辅助V1.6版本最新版.exe	vmprotect

Files

4b9dd537d7ec7ca64f866b4467c8f5bbf75938fea19047144f111dfddbb53a66
.rar
镇魂勇士的信仰辅助二代V1 0/打开辅助前请看.txt
镇魂勇士的信仰辅助二代V1 0/镇魂勇士的信仰辅助V1.6版本最新版.exe
.exe windows x86

0917b40122c02d0fe7fc2cfc658d4893

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutPause

ws2_32

closesocket

rasapi32

RasGetConnectStatusA

kernel32

FlushFileBuffers
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

AppendMenuA

gdi32

CreatePolygonRgn

winspool.drv

DocumentPropertiesA

comdlg32

ChooseColorA

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

CoCreateInstance

oleaut32

VariantTimeToSystemTime

comctl32

ord17

oledlg

ord8

wininet

HttpQueryInfoA

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0917b40122c02d0fe7fc2cfc658d4893

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

Sections

.text Size: - Virtual size: 1.5MB

.rdata Size: - Virtual size: 3.2MB

.data Size: - Virtual size: 415KB

.vmp0 Size: - Virtual size: 869KB

.vmp1 Size: 4.3MB - Virtual size: 4.3MB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: - Virtual size: 1.5MB

.rdata
Size: - Virtual size: 3.2MB

.data
Size: - Virtual size: 415KB

.vmp0
Size: - Virtual size: 869KB

.vmp1
Size: 4.3MB - Virtual size: 4.3MB

.rsrc
Size: 16KB - Virtual size: 13KB