cce7e85cea31c7277d5dd5199db69a7be3754477a342500bb5e6b8c88f8b4cb7

Sharing

Copy URL Twitter E-mail

General

Target

cce7e85cea31c7277d5dd5199db69a7be3754477a342500bb5e6b8c88f8b4cb7
Size

23KB
MD5

58040443232918af2ff04a8bd82cdac0
SHA1

30e6fc2f3ec0de36a8c67d943c6771034177617e
SHA256

cce7e85cea31c7277d5dd5199db69a7be3754477a342500bb5e6b8c88f8b4cb7
SHA512

acf3a69b0fef4724cac660e16206cd4056565b3ad901a63c639d22b72c15f5bd784af3bd629543d6f05a5de14b78cf95bb77d62671f0295d813061a6463059ca
SSDEEP

384:O91c0AFKQKo04V2Dz6uQfXozbOqswU2XUKOGBYAWGGzC8VvHTGhR2GKcgEjbZqw/:O91c0AcQl0Ss6uPbzRUSdxWAWs+vzGv/

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

cce7e85cea31c7277d5dd5199db69a7be3754477a342500bb5e6b8c88f8b4cb7
.dll windows x86

bedc1646d1a4d42973babb8319057e9c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCheckConnectionA

msvcrt

strtol
_strlwr
free
??2@YAPAXI@Z
strrchr
malloc
mbstowcs
__CxxFrameHandler
??3@YAXPAX@Z
??1type_info@@UAE@XZ
__dllonexit
_onexit
strstr

rasapi32

RasEnumConnectionsA
RasGetConnectStatusA

kernel32

LocalAlloc
LocalFree
DeleteFileA
MoveFileA
TerminateProcess
OpenProcess
GlobalAlloc
Sleep
GetFileSize
CreateFileMappingA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetSystemDirectoryA
GetTempPathA
WriteFile
SetEndOfFile
CreateFileA
GetProcAddress
LoadLibraryA
CreateProcessA
GetTempFileNameA
UnmapViewOfFile
CreateThread
MapViewOfFile

user32

PostMessageA
FindWindowExA
wsprintfA
FindWindowA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

iphlpapi

GetAdaptersInfo

shlwapi

StrCmpNIA
PathFileExistsA

mfc42

ord1243
ord1578
ord600
ord826
ord269
ord1176
ord6467

Exports

Exports

Runed

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 670B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bedc1646d1a4d42973babb8319057e9c

Headers

File Characteristics

Imports

wininet

msvcrt

rasapi32

kernel32

user32

advapi32

shell32

iphlpapi

shlwapi

mfc42

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 4B

.vmp0 Size: 1024B - Virtual size: 670B

.vmp1 Size: 10KB - Virtual size: 10KB

.reloc Size: 1024B - Virtual size: 548B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 4B

.vmp0
Size: 1024B - Virtual size: 670B

.vmp1
Size: 10KB - Virtual size: 10KB

.reloc
Size: 1024B - Virtual size: 548B