7f8e8c3c9a16b7e1950a9214b08ad560706010089eb32b6689eeee6c910f11d3

Sharing

Copy URL Twitter E-mail

General

Target

7f8e8c3c9a16b7e1950a9214b08ad560706010089eb32b6689eeee6c910f11d3
Size

4.3MB
MD5

9c0a562883b351378683a1ce6cf5683f
SHA1

f52f5eee4f711e2aeca85bbdd81edb86fd7cff1f
SHA256

7f8e8c3c9a16b7e1950a9214b08ad560706010089eb32b6689eeee6c910f11d3
SHA512

7cc51c257ef2b3e9d484aa409d350babf9ea08aa9a1babd07acf23c0ffbc855569b72e200ca457ec7e8f3ce049e94c5c005b457c3531f9886f484536405ad8f4
SSDEEP

98304:NfHnatBHu/kJ07aU7ZSYqkOxRk/vpxhZ:paDu/kJkEkgRk

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f8e8c3c9a16b7e1950a9214b08ad560706010089eb32b6689eeee6c910f11d3

Files

7f8e8c3c9a16b7e1950a9214b08ad560706010089eb32b6689eeee6c910f11d3
.exe windows x64

b29739725fe484c260cb5118b338093b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

fltmgr.sys

FltUnregisterFilter
FltStartFiltering
FltRegisterFilter

ntoskrnl.exe

ExAllocatePool
ExFreePoolWithTag
PsCreateSystemThread
PsTerminateSystemThread
ZwCreateFile
ZwReadFile
ZwClose
PsGetCurrentProcessId
ZwTerminateProcess
ZwOpenProcess
__C_specific_handler
RtlTimeToTimeFields
ExSystemTimeToLocalTime
ZwWriteFile
_snprintf
_vsnprintf
ObReferenceObjectByHandle
ObfDereferenceObject
ZwQueryInformationFile
strcmp
strncmp
RtlCompareMemory
RtlCompareUnicodeStrings
isupper
isdigit
tolower
_stricmp
strstr
wcscat
wcslen
_wcsicmp
RtlInitAnsiString
RtlQueryRegistryValues
RtlWriteRegistryValue
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
RtlCopyUnicodeString
RtlFreeUnicodeString
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
IofCompleteRequest
IoGetCurrentProcess
NtBuildNumber
RtlCreateRegistryKey
_vsnwprintf
RtlRandomEx
KeBugCheckEx
strlen
RtlInitUnicodeString
RtlImageNtHeader
_stricmp
NtQuerySystemInformation
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
ZwWaitForSingleObject
ZwDeviceIoControlFile
ZwOpenFile
_wcsnicmp
ZwEnumerateKey
ZwCreateEvent
MmGetSystemRoutineAddress
ZwCreateFile
__C_specific_handler
KeSetSystemAffinityThread
KeQueryActiveProcessors
KeQueryTimeIncrement
DbgBreakPointWithStatus
RtlTimeToTimeFields
ExSystemTimeToLocalTime
IoAllocateMdl
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
KeWaitForSingleObject
KeReleaseMutex
KeInitializeMutex
ExFreePoolWithTag
ExAllocatePool
KeRevertToUserAffinityThread
DbgPrint
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter
KeQueryPerformanceCounter

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b29739725fe484c260cb5118b338093b

Headers

DLL Characteristics

File Characteristics

Imports

fltmgr.sys

ntoskrnl.exe

hal

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 344B

.pdata Size: 1024B - Virtual size: 924B

PAGE Size: 512B - Virtual size: 76B

INIT Size: 2KB - Virtual size: 1KB

.vmp0 Size: 2.7MB - Virtual size: 2.7MB

.vmp1 Size: 1024B - Virtual size: 1016B

.vmp2 Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 512B - Virtual size: 432B

.rsrc Size: 1024B - Virtual size: 584B

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 344B

.pdata
Size: 1024B - Virtual size: 924B

PAGE
Size: 512B - Virtual size: 76B

INIT
Size: 2KB - Virtual size: 1KB

.vmp0
Size: 2.7MB - Virtual size: 2.7MB

.vmp1
Size: 1024B - Virtual size: 1016B

.vmp2
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 512B - Virtual size: 432B

.rsrc
Size: 1024B - Virtual size: 584B