Panda_Ultimate Old Loader[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Panda_Ultimate Old Loader.exe
Size

5.2MB
MD5

d66851b2f21c45925bc18377682c84b5
SHA1

3e9bbfed894dae98afcb174c4c8d941a3c40d2f5
SHA256

7b0bb42b025ae170b58ce04b91aa481f040454f7fca5697088d999847afd50fe
SHA512

527fe8b25ee9184de0c14e733ddfabed0bea4ea77d7fc91ecb7aa53d0aa1abe017c79428734aa47fd44de29cdb916a14e3c56fc0d77e64b4bd0ceba71da499b3
SSDEEP

98304:/Tjm6RjDdpleuGdTbBzuYr5X7BqYakFtrkV8yEkO6NzOlZ6i0/q:/Tj/R3N9kJ/7Bq668wNzUoi

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

Panda_Ultimate Old Loader.exe
.exe windows x64

bd6dc77713ddb205b25e6d68ab9fcded

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ShowWindow
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

oleaut32

VariantClear

urlmon

URLDownloadToFileW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd6dc77713ddb205b25e6d68ab9fcded

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

urlmon

wtsapi32

Sections

.text Size: - Virtual size: 83KB

.rdata Size: - Virtual size: 47KB

.data Size: - Virtual size: 8KB

.pdata Size: - Virtual size: 5KB

_RDATA Size: - Virtual size: 348B

.vmp0 Size: - Virtual size: 3.3MB

.vmp1 Size: 5.2MB - Virtual size: 5.2MB

.reloc Size: 512B - Virtual size: 216B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 83KB

.rdata
Size: - Virtual size: 47KB

.data
Size: - Virtual size: 8KB

.pdata
Size: - Virtual size: 5KB

_RDATA
Size: - Virtual size: 348B

.vmp0
Size: - Virtual size: 3.3MB

.vmp1
Size: 5.2MB - Virtual size: 5.2MB

.reloc
Size: 512B - Virtual size: 216B

.rsrc
Size: 512B - Virtual size: 480B