34bbafa619f5a81f1911c4ebfc378710632da427cce5960e45bee0c1463fd6ed

Sharing

Copy URL Twitter E-mail

General

Target

34bbafa619f5a81f1911c4ebfc378710632da427cce5960e45bee0c1463fd6ed
Size

4.3MB
MD5

038ac9e89e6c692cdac1bd7b44e61aa7
SHA1

a91270be933d6d4edc646788802cfd6c67d95f53
SHA256

34bbafa619f5a81f1911c4ebfc378710632da427cce5960e45bee0c1463fd6ed
SHA512

cb4c038f9c0024e97bf1d3d6eb6ff0bc0b53370cda488de9ee9760fa89fe7d636ca221e7c5b902c0f7f34589e8d582ee253138ab86a370216d55f1f9e9a8d880
SSDEEP

98304:iVnPnMmDqgRXLkxGDgG6kkuJ0gbdUFSUBxjWn+/oqeV5NPMa:yqgRXLkl9LgOF/bQVVDP

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34bbafa619f5a81f1911c4ebfc378710632da427cce5960e45bee0c1463fd6ed

Files

34bbafa619f5a81f1911c4ebfc378710632da427cce5960e45bee0c1463fd6ed
.exe windows x64

a5b42bea1ebdf70239053ed732f42fff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

fltmgr.sys

FltUnregisterFilter
FltStartFiltering
FltRegisterFilter

ntoskrnl.exe

ExAllocatePool
ExFreePoolWithTag
PsCreateSystemThread
PsTerminateSystemThread
ZwCreateFile
ZwReadFile
ZwClose
PsGetCurrentProcessId
ZwTerminateProcess
ZwOpenProcess
__C_specific_handler
RtlTimeToTimeFields
ExSystemTimeToLocalTime
ZwWriteFile
_snprintf
_vsnprintf
ObReferenceObjectByHandle
ObfDereferenceObject
ZwQueryInformationFile
strcmp
strncmp
RtlCompareMemory
RtlImageNtHeader
RtlCompareUnicodeStrings
isdigit
tolower
_stricmp
strstr
wcscat
wcslen
_wcsicmp
RtlInitAnsiString
RtlQueryRegistryValues
RtlWriteRegistryValue
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
RtlCopyUnicodeString
RtlFreeUnicodeString
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
IofCompleteRequest
IoGetCurrentProcess
PsGetProcessWow64Process
PsGetProcessPeb
PsGetProcessSessionId
NtBuildNumber
RtlCreateRegistryKey
_vsnwprintf
RtlRandomEx
KeBugCheckEx
strlen
RtlInitUnicodeString
isupper
_stricmp
NtQuerySystemInformation
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
ZwWaitForSingleObject
ZwDeviceIoControlFile
ZwOpenFile
_wcsnicmp
ZwEnumerateKey
ZwCreateEvent
MmGetSystemRoutineAddress
ZwCreateFile
__C_specific_handler
KeSetSystemAffinityThread
KeQueryActiveProcessors
KeQueryTimeIncrement
DbgBreakPointWithStatus
RtlTimeToTimeFields
ExSystemTimeToLocalTime
IoAllocateMdl
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
KeWaitForSingleObject
KeReleaseMutex
KeInitializeMutex
ExFreePoolWithTag
ExAllocatePool
KeRevertToUserAffinityThread
DbgPrint
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter
KeQueryPerformanceCounter

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5b42bea1ebdf70239053ed732f42fff

Headers

DLL Characteristics

File Characteristics

Imports

fltmgr.sys

ntoskrnl.exe

hal

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 344B

.pdata Size: 1024B - Virtual size: 924B

PAGE Size: 512B - Virtual size: 76B

INIT Size: 2KB - Virtual size: 1KB

.vmp0 Size: 2.7MB - Virtual size: 2.7MB

.vmp1 Size: 1KB - Virtual size: 1KB

.vmp2 Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 512B - Virtual size: 420B

.rsrc Size: 1024B - Virtual size: 584B

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 344B

.pdata
Size: 1024B - Virtual size: 924B

PAGE
Size: 512B - Virtual size: 76B

INIT
Size: 2KB - Virtual size: 1KB

.vmp0
Size: 2.7MB - Virtual size: 2.7MB

.vmp1
Size: 1KB - Virtual size: 1KB

.vmp2
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 512B - Virtual size: 420B

.rsrc
Size: 1024B - Virtual size: 584B