Destroy_Premium[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Destroy_Premium.exe
Size

6.3MB
MD5

d41c8b2e685939db2690d360f4f657b0
SHA1

35d506f051d9680bf7e157c8fabd69b38a0c9232
SHA256

f97a026b20c3cb1c6d54892a98255ffc8974d70ae70c0fe1b740f824cfe3f1a8
SHA512

8e232d446917a83718e4d50fb9ca254608f6a23249c483fa09570cc1406972beb252d522233be3616ab23daa34b49ddccbb562f4cd28591cf443787e0e0f63db
SSDEEP

196608:bUBFO8b78ZbJU5egWX+ahxryVorrNFR/pS5/Fh8VLrTi:bUzN8ZbJUfmryVqNFPk8VLrm

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

Destroy_Premium.exe
.exe windows x86

40bfb205773cfdcee209bf0aac81bf09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathGetArgsW

kernel32

CreateToolhelp32Snapshot
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegOpenKeyExW

ws2_32

WSASetLastError

crypt32

CertFreeCertificateContext

wldap32

ord143

normaliz

IdnToAscii

imm32

ImmGetContext

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

d3d9

Direct3DCreate9

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40bfb205773cfdcee209bf0aac81bf09

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

ws2_32

crypt32

wldap32

normaliz

imm32

d3dx9_43

d3d9

wtsapi32

Sections

.text Size: - Virtual size: 532KB

.rdata Size: - Virtual size: 140KB

.data Size: - Virtual size: 49KB

.vmp0 Size: - Virtual size: 3.6MB

.vmp1 Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 114KB - Virtual size: 114KB

.text
Size: - Virtual size: 532KB

.rdata
Size: - Virtual size: 140KB

.data
Size: - Virtual size: 49KB

.vmp0
Size: - Virtual size: 3.6MB

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 114KB - Virtual size: 114KB