6b0932453a212f7bf8e980b706188775e9df84a6ab5023293bd463ff65cc5389

Sharing

Copy URL Twitter E-mail

General

Target

6b0932453a212f7bf8e980b706188775e9df84a6ab5023293bd463ff65cc5389
Size

53KB
MD5

6beaebf2c9ed6d1769c1106300946d87
SHA1

0fae54e184f7b723d3023244fd68be63d6d04999
SHA256

6b0932453a212f7bf8e980b706188775e9df84a6ab5023293bd463ff65cc5389
SHA512

34568d8a4c1cd4588edfcd969991248207fb95f9359fed187df3cfae5c3602da0dffb09d1e4f6aec980a14bd6217d3daa3739878d4c5c0d9272883b8884e2486
SSDEEP

1536:LRvnDWPBOEBfKWHyRe71hwKQS+/LaZgC:LND0OoKWHJhwKQSrZg

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

6b0932453a212f7bf8e980b706188775e9df84a6ab5023293bd463ff65cc5389
.dll windows x86

f5111c674782d630d4e83879acaaba1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
CloseHandle
CreateThread
ExpandEnvironmentStringsW
VirtualProtect
WriteFile
GetTempPathA
ExitProcess
TerminateProcess
lstrcpyA
GlobalFree
WritePrivateProfileStringA
WriteProfileStringA
GetPrivateProfileStringA
GetProfileStringA
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
Process32Next
OpenProcess
IsBadReadPtr
VirtualAlloc
GetProcAddress
lstrcatA
GetSystemDirectoryA
ReadFile
Sleep
LoadLibraryW
GlobalAlloc
VirtualFree
SetFilePointer
GetFileSize
lstrlenA
CreateFileA

user32

ToAscii
wsprintfA
GetWindowLongA
GetKeyboardState
MapVirtualKeyA

ws2_32

connect
closesocket
inet_addr
socket
WSAStartup
recv
send
sendto
recvfrom
setsockopt
htons
WSCEnumProtocols
WSCGetProviderPath
gethostbyname

msvcrt

strstr
_itoa
atoi
wcsstr
_stricmp
memcpy
memset

shlwapi

PathRemoveFileSpecA
PathFileExistsA

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

Exports

Exports

WSPStartup

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5111c674782d630d4e83879acaaba1b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

msvcrt

shlwapi

wininet

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 4KB

.vmp0 Size: 1KB - Virtual size: 1KB

.vmp1 Size: 36KB - Virtual size: 35KB

.reloc Size: 1024B - Virtual size: 768B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 4KB

.vmp0
Size: 1KB - Virtual size: 1KB

.vmp1
Size: 36KB - Virtual size: 35KB

.reloc
Size: 1024B - Virtual size: 768B