289df99454fc27501c492887fd8d4c881be424f15c35628bd0352eaf34de533b

Sharing

Copy URL Twitter E-mail

General

Target

289df99454fc27501c492887fd8d4c881be424f15c35628bd0352eaf34de533b
Size

2.7MB
MD5

5e7fdecae91c5522562800ff533368d5
SHA1

f3771528ed8edb873a7d58c0f0e951edd3173c70
SHA256

289df99454fc27501c492887fd8d4c881be424f15c35628bd0352eaf34de533b
SHA512

9dc23baaac41c04d50fe67ae053a65e096ac67be8ffe83dfa22ce508804b4472019784d02edbc7e8878a4608d3914a5b0a5fa8f15a0ca62a980b7e14be4348ee
SSDEEP

49152:h/1LjAxV9l/hZeC/6aVoUFFzqwchjCIAMiy1nLFahyXGywxVoTPTeqg9ru:h/1wxLNaCVO2Jcw41LOyfcomr

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
289df99454fc27501c492887fd8d4c881be424f15c35628bd0352eaf34de533b

Files

289df99454fc27501c492887fd8d4c881be424f15c35628bd0352eaf34de533b
.exe windows x86

9182f9ef8f8c4040441b8ae83dec1780

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GlobalAddAtomA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetWindowLongA

msimg32

TransparentBlt

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameA

urlmon

URLDownloadToFileA

oleacc

CreateStdAccessibleObject

gdiplus

GdipCreateBitmapFromHBITMAP

imm32

ImmGetContext

winmm

PlaySoundA

gdi32

ExtSelectClipRgn

winspool.drv

ClosePrinter

comdlg32

GetFileTitleA

advapi32

RegCreateKeyExA

shell32

SHGetFileInfoA

ole32

OleLockRunning

oleaut32

SysAllocStringLen

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9182f9ef8f8c4040441b8ae83dec1780

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msimg32

comctl32

shlwapi

urlmon

oleacc

gdiplus

imm32

winmm

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 256KB

.data Size: - Virtual size: 52KB

.vmp0 Size: - Virtual size: 1.9MB

.vmp1 Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 512B - Virtual size: 212B

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 256KB

.data
Size: - Virtual size: 52KB

.vmp0
Size: - Virtual size: 1.9MB

.vmp1
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 512B - Virtual size: 212B

.rsrc
Size: 28KB - Virtual size: 27KB