File[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

File.zip
Size

5.3MB
MD5

0ab90db3408d293ceb41144842d3f4c4
SHA1

af0a0569cff17b26b41f6d5337b578dff06aff34
SHA256

cd6ffb7b4348f2812429e2822db80b59d6d10f658754f96c8bd4bfea748f1ef2
SHA512

54f338b25887d25d60a7f83a4e7adc1076709a6012702b7f478bf105cb0e26bffb721f5771d6bbdc0b09a3981ceb66ec3b2634b4dfdbf8ade103afe1c8a9a71a
SSDEEP

98304:jxFg1dWsw/akS6tHAI0t2/2Fgibet8O3uV0LWuVmiBU5nR:NF8+3v30beZ3u/H+U5nR

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Install.exe	vmprotect

Files

File.zip
.zip

Password: 1234
Install.exe
.exe windows x86

Password: 1234

b0a438491df559e2ae875aca71787ff8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionEx
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

.text
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 161KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
langs/Arabic.ini
langs/Belarusian.ini
langs/Bulgarian.ini
langs/Croatian.ini
langs/Czech.ini
langs/Danish.ini
langs/English.ini
langs/Farsi.ini
langs/Finnish.ini
langs/Hebrew.ini
langs/Hindi.ini
langs/Hungarian.ini
.ps1
langs/Indonesian.ini
langs/Japanese.ini
langs/Kazakh.ini
langs/Korean.ini
.ps1
langs/Kurdish.ini
langs/Lithuanian.ini
langs/Norwegian.ini
langs/Russian.ini
langs/SimpChinese.ini
langs/Sinhala.ini
langs/Slovak.ini
langs/Swedish.ini
langs/Thai.ini
langs/TradChinese.ini
langs/Ukrainian.ini
langs/Uyghur.ini
langs/UyghurLatin.ini
langs/Uzbek.ini
langs/Vietnamese.ini

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

b0a438491df559e2ae875aca71787ff8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: - Virtual size: 2.0MB

.rdata Size: - Virtual size: 168KB

.data Size: - Virtual size: 34KB

.vmp0 Size: - Virtual size: 1.6MB

.vmp1 Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 161KB - Virtual size: 2.1MB

.text
Size: - Virtual size: 2.0MB

.rdata
Size: - Virtual size: 168KB

.data
Size: - Virtual size: 34KB

.vmp0
Size: - Virtual size: 1.6MB

.vmp1
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 161KB - Virtual size: 2.1MB