df308636ecda3e662acbab2370f3fd419a74d66fc2c225de8c6f30dbe93e83af

Sharing

Copy URL Twitter E-mail

General

Target

df308636ecda3e662acbab2370f3fd419a74d66fc2c225de8c6f30dbe93e83af
Size

1.8MB
MD5

3867b4cfb5c146964a45a1e3b729e7f9
SHA1

b448472c4b361c4fdef72bb5f8ef65499fc8220f
SHA256

df308636ecda3e662acbab2370f3fd419a74d66fc2c225de8c6f30dbe93e83af
SHA512

36851c71c9af8fbe30e900744eefec434def19ed92d12fb21ba6b10d5ebbcf5a9951fd86c0b11db9f25ef91349aa0c58dd56d723da35089326fd4eadf4673e01
SSDEEP

49152:9OYY6oMeEkqlTioQJIV5Zzadb0rnJvIDGMlFWnR5h:9noMe0TiNS5udArxR

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df308636ecda3e662acbab2370f3fd419a74d66fc2c225de8c6f30dbe93e83af

Files

df308636ecda3e662acbab2370f3fd419a74d66fc2c225de8c6f30dbe93e83af
.exe windows x86

97ec27703f75b2bc7f9865e8d6f9dad3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

windivert

WinDivertClose

kernel32

GetVersionExA
LoadLibraryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

user32

MessageBoxW
CharUpperBuffW

advapi32

RegEnumKeyExW
RegCloseKey
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

iphlpapi

GetAdapterIndex

ws2_32

ioctlsocket

psapi

GetProcessImageFileNameW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97ec27703f75b2bc7f9865e8d6f9dad3

Headers

DLL Characteristics

File Characteristics

Imports

windivert

kernel32

user32

advapi32

iphlpapi

ws2_32

psapi

wtsapi32

Sections

.text Size: - Virtual size: 357KB

.rdata Size: - Virtual size: 95KB

.data Size: - Virtual size: 9KB

.gfids Size: - Virtual size: 1024B

.tls Size: 512B - Virtual size: 9B

.vmp0 Size: - Virtual size: 1.8MB

.vmp1 Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 512B - Virtual size: 276B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 357KB

.rdata
Size: - Virtual size: 95KB

.data
Size: - Virtual size: 9KB

.gfids
Size: - Virtual size: 1024B

.tls
Size: 512B - Virtual size: 9B

.vmp0
Size: - Virtual size: 1.8MB

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 512B - Virtual size: 276B

.rsrc
Size: 1KB - Virtual size: 1KB