209b830eaa3deaf113291266d72d05ab83d8c9719a50dc0ea12202adc64a07c2[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

209b830eaa3deaf113291266d72d05ab83d8c9719a50dc0ea12202adc64a07c2.zip
Size

896KB
MD5

00f5f475b52dacfc90907678994cbd91
SHA1

58587fc4af8307d93a3d035ee4b262e9373efbe2
SHA256

c9279ecdd8061a0eac0ebf9dc022168adcb2c35c3be9234aa95e4887ab8cc459
SHA512

10a416f63b9540a18c8a05e7c93e5200100e5aed713f5825d3983ac3053d516ae5f382a4a742e5184e46cf632f8a6e7c13c0e95bfe8327e699edb8441673e9d6
SSDEEP

12288:R8RJhdZyWV/zI4+d0qdg1uEQRr36JFK34OtILYp+MbXYuGRPuW1OSuls6cj:+hdZy4ChOoLRr3Me4EnpEuGAWMSuCpj

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/209b830eaa3deaf113291266d72d05ab83d8c9719a50dc0ea12202adc64a07c2	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/209b830eaa3deaf113291266d72d05ab83d8c9719a50dc0ea12202adc64a07c2

Files

209b830eaa3deaf113291266d72d05ab83d8c9719a50dc0ea12202adc64a07c2.zip
.zip

Password: threatbook
209b830eaa3deaf113291266d72d05ab83d8c9719a50dc0ea12202adc64a07c2
.exe windows x86

Password: threatbook

9344895c23090386f41df45fe4708efb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5875

msvcrt

isdigit

kernel32

GetModuleHandleA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetCursorPos
MessageBoxA

gdi32

ExtTextOutA

advapi32

RegCloseKey

shell32

ShellExecuteA

comctl32

ImageList_Add

ole32

CLSIDFromProgID

oleaut32

GetErrorInfo

Sections

.text
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

a100
Size: - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 812KB - Virtual size: 810KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: threatbook

Password: threatbook

9344895c23090386f41df45fe4708efb

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: - Virtual size: 216KB

.rdata Size: - Virtual size: 51KB

.data Size: - Virtual size: 1.2MB

.rsrc Size: 120KB - Virtual size: 119KB

a100 Size: - Virtual size: 512B

.vmp0 Size: - Virtual size: 110KB

.vmp1 Size: 812KB - Virtual size: 810KB

.reloc Size: 4KB - Virtual size: 268B

.text
Size: - Virtual size: 216KB

.rdata
Size: - Virtual size: 51KB

.data
Size: - Virtual size: 1.2MB

.rsrc
Size: 120KB - Virtual size: 119KB

a100
Size: - Virtual size: 512B

.vmp0
Size: - Virtual size: 110KB

.vmp1
Size: 812KB - Virtual size: 810KB

.reloc
Size: 4KB - Virtual size: 268B