67c911510e257b341be77bc2a88cedc99ace2af852f7825d9710016619875e80[.]bin[.]sample[.]gz

Resubmissions

17-03-2023 20:37

230317-zekn9abh7x 10

24-01-2023 20:45

230124-zj56radf68 8

Sharing

Copy URL

Twitter E-mail

General

Target

67c911510e257b341be77bc2a88cedc99ace2af852f7825d9710016619875e80.bin.sample.gz
Size

549KB
MD5

a04a6cf4122d6ac125c61a1c95275912
SHA1

4eee7ecf6c8e61ab1c49f83a7bbe963643b923b0
SHA256

ce833ef49cd55eddec8d5f2a40bcaf58329c9c7a9ffa1caf58e4d877941b820c
SHA512

7d68b1175f5caa7cbf3df1c17a927de64056780da181af5bc0704cd46bf103665168a3ff97b40249694359dde252f05ef5098a52ee497b472de804928eebf165
SSDEEP

12288:vzs80r0o7Mwx/QJd4+M/bUj+934Mr8iTjj4VrZei0J7Z82YHHEMb7fb+GhIN:vw80r0ogM/QJu+M/zzr8iEVrp0Jl85Hm

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/sample	vmprotect

Files

67c911510e257b341be77bc2a88cedc99ace2af852f7825d9710016619875e80.bin.sample.gz
.gz
sample
.exe windows x86

ebefd1a342aecf8073218751461aa6ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegQueryValueExW

shell32

ShellExecuteW

ws2_32

send

shlwapi

PathRenameExtensionW

msvcrt

_wfopen

netapi32

NetApiBufferFree

iphlpapi

GetAdaptersInfo

winhttp

WinHttpGetIEProxyConfigForCurrentUser

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 558KB - Virtual size: 558KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

ebefd1a342aecf8073218751461aa6ee

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ws2_32

shlwapi

msvcrt

netapi32

iphlpapi

winhttp

user32

Sections

.text Size: - Virtual size: 13KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 207KB

.vmp0 Size: - Virtual size: 531KB

.vmp1 Size: 558KB - Virtual size: 558KB

.text
Size: - Virtual size: 13KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 207KB

.vmp0
Size: - Virtual size: 531KB

.vmp1
Size: 558KB - Virtual size: 558KB