4d99d5f2839cb191b95812403783aa7a428d4088

General

Target

4d99d5f2839cb191b95812403783aa7a428d4088
Size

563KB
MD5

1c83d3453f30072b8b830370b22ac6d0
SHA1

4d99d5f2839cb191b95812403783aa7a428d4088
SHA256

c9e415795841fbbb61ddf0191ba1d03a0554f2fcc6186da79bd0a4005008b359
SHA512

518d55958f38896a714afc2ed0a7d53fdeef86385e1144b5084f14f5f9e0ea298bd7a08b48ebe6acb48b8a7c584068ce7f82f2b3df68c1bbe259e444ca9d1b45
SSDEEP

12288:HTHm3xI4z242hQQgb7r51Qc1qrsfCzE3TN7flu5Zw+MaD:HTHm3xrUgb7Rqo6zKT5ln5aD

Score

8^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/PerX.exe	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/Scarletz.dll	vmprotect

Files

4d99d5f2839cb191b95812403783aa7a428d4088
.zip
PerX.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 452KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 169KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 246KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Scarletz.dll
.dll windows x86

6159ca2277ce8ea0373e9999f5f90ef8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
Beep
CreateThread
DisableThreadLibraryCalls
ExitProcess
FindAtomA
GetAtomNameA
GetModuleFileNameA
GetModuleHandleA
Sleep
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

__dllonexit
_errno
_iob
abort
fflush
fprintf
free
malloc
memmove
strstr

shell32

ShellExecuteA

user32

GetAsyncKeyState
MessageBoxA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 452KB

UPX1 Size: 169KB - Virtual size: 172KB

.rsrc Size: 168KB - Virtual size: 168KB

.text Size: 246KB - Virtual size: 308KB

.text Size: 115KB - Virtual size: 116KB

6159ca2277ce8ea0373e9999f5f90ef8

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

user32

Sections

.text Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 48B

.rdata Size: 512B - Virtual size: 496B

.bss Size: - Virtual size: 208B

.idata Size: 1024B - Virtual size: 816B

.vmp0 Size: 8KB - Virtual size: 7KB

.vmp1 Size: 18KB - Virtual size: 18KB

.reloc Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 452KB

UPX1
Size: 169KB - Virtual size: 172KB

.rsrc
Size: 168KB - Virtual size: 168KB

.text
Size: 246KB - Virtual size: 308KB

.text
Size: 115KB - Virtual size: 116KB

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 48B

.rdata
Size: 512B - Virtual size: 496B

.bss
Size: - Virtual size: 208B

.idata
Size: 1024B - Virtual size: 816B

.vmp0
Size: 8KB - Virtual size: 7KB

.vmp1
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1KB - Virtual size: 1KB