e07154d18143c7c44af1b72b05511537ad6130adc9f0f958ad49282c714b9df6

Sharing

Copy URL Twitter E-mail

General

Target

e07154d18143c7c44af1b72b05511537ad6130adc9f0f958ad49282c714b9df6
Size

1.2MB
MD5

1767eb574957dfb7c4bb3d6162ecf24d
SHA1

4558c92f553d57d47e3c16012c1b7de0e23c7e7f
SHA256

e07154d18143c7c44af1b72b05511537ad6130adc9f0f958ad49282c714b9df6
SHA512

605419cd0027a845ce2a2c3b9f1be246121aafdbbb751d38c658cdd87da0a1ca10cf080e359cfddfdb506c656caab73f660b5ea90b7c9becef324c23fe140700
SSDEEP

24576:EZMNvZiBMCvnN9AcZndZu/kTdC45pzneorTYaKs1NRHkoWhz068Jv7mPGmy1IbOg:wMNMFvnN9A6TuyC4HnrTYay1068Jv7mv

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e07154d18143c7c44af1b72b05511537ad6130adc9f0f958ad49282c714b9df6

Files

e07154d18143c7c44af1b72b05511537ad6130adc9f0f958ad49282c714b9df6
.dll windows x86

311b5e2c4996ad0de8538acf3fa1aa43

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
ReadFile
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegSetValueExA

user32

GetDlgItem

gdi32

SetBkColor

shell32

SHGetSpecialFolderLocation

shlwapi

PathFileExistsA

ws2_32

connect

rasapi32

RasHangUpA

winspool.drv

ClosePrinter

comctl32

ord17

wininet

HttpQueryInfoA

Exports

Exports

??��?IP
_???��3��D��

Sections

.text
Size: - Virtual size: 570KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

311b5e2c4996ad0de8538acf3fa1aa43

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

shlwapi

ws2_32

rasapi32

winspool.drv

comctl32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 570KB

.rdata Size: - Virtual size: 74KB

.data Size: - Virtual size: 1.1MB

.vmp0 Size: - Virtual size: 345KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 232B

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: - Virtual size: 570KB

.rdata
Size: - Virtual size: 74KB

.data
Size: - Virtual size: 1.1MB

.vmp0
Size: - Virtual size: 345KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 232B

.rsrc
Size: 4KB - Virtual size: 664B