b20f5b31c1a0fd0c00705f37e456070bd7b5796662e34931574e76c7eb1e7f88

Sharing

Copy URL

Twitter E-mail

General

Target

b20f5b31c1a0fd0c00705f37e456070bd7b5796662e34931574e76c7eb1e7f88
Size

319KB
MD5

c02927ee260cbf24196d12181cb31855
SHA1

9acc446f4a3c4939869caaa71626854c405343ab
SHA256

b20f5b31c1a0fd0c00705f37e456070bd7b5796662e34931574e76c7eb1e7f88
SHA512

a33cb49c40227190bb0eb561dd0921e4e45292647d2d3f5f88cf2cfa2cdf0c57cd99fb02f392a027ef52f582592a47d4e5b4f979b7670f3f790beae90e0c1c9d
SSDEEP

6144:SL5TBtaDlFVH1hIzPK7es9f9TTmH4o8Uj1DQEKxBRvHxjc/Ajm3b:SL5T7a7Vw0J9U4o8ZEKxBzupb

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b20f5b31c1a0fd0c00705f37e456070bd7b5796662e34931574e76c7eb1e7f88

Files

b20f5b31c1a0fd0c00705f37e456070bd7b5796662e34931574e76c7eb1e7f88
.dll windows x86

5c6a49ba7dc0ca5aa04015c4cac6f76b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

RegisterClassExA

advapi32

OpenProcessToken

oleaut32

SysAllocString

ws2_32

WSAAddressToStringA

msvcp140

?uncaught_exception@std@@YA_NXZ

vcruntime140

memmove

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-runtime-l1-1-0

_initterm

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

isalnum

api-ms-win-crt-multibyte-l1-1-0

_mbscmp

Exports

Exports

NMCO_CallNMFunc

Sections

.text
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c6a49ba7dc0ca5aa04015c4cac6f76b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

ws2_32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 64KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: - Virtual size: 2KB

.detourc Size: - Virtual size: 4KB

.detourd Size: - Virtual size: 12B

.vmp0 Size: - Virtual size: 226KB

.vmp1 Size: 272KB - Virtual size: 271KB

.reloc Size: 512B - Virtual size: 156B

.rsrc Size: 1KB - Virtual size: 36KB

.text
Size: - Virtual size: 64KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: - Virtual size: 2KB

.detourc
Size: - Virtual size: 4KB

.detourd
Size: - Virtual size: 12B

.vmp0
Size: - Virtual size: 226KB

.vmp1
Size: 272KB - Virtual size: 271KB

.reloc
Size: 512B - Virtual size: 156B

.rsrc
Size: 1KB - Virtual size: 36KB