2452decdf35fe29397d2c0655dff134a20be0870e05a86f7152c5b261cdb2510

Sharing

Copy URL

Twitter E-mail

General

Target

2452decdf35fe29397d2c0655dff134a20be0870e05a86f7152c5b261cdb2510
Size

1.2MB
MD5

d87a344518972c8d03ed0b4693af02ee
SHA1

b3f846b743bf31193d47f86ef5dcd353280f52c7
SHA256

2452decdf35fe29397d2c0655dff134a20be0870e05a86f7152c5b261cdb2510
SHA512

8d24404b2df95a802f4c074c1f207982bce3abdc438bf21b28fb2dc6ef1691a9d6da2961a5694bcc337106921ba7c1bcb52884ded9c8e7956dd88a1b765e6c9d
SSDEEP

24576:KUoNYmpQOiQIYQT5rFtrkVAum84ZGB4AVAEbkpXOlZANW7CsCTZb4OdxNT9:ONYGkdFMApHEBXmEbk9iyNWmsCFb4OJB

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2452decdf35fe29397d2c0655dff134a20be0870e05a86f7152c5b261cdb2510

Files

2452decdf35fe29397d2c0655dff134a20be0870e05a86f7152c5b261cdb2510
.dll windows x86

6ce175b1b4e6ba98cacfe74e4d5bd3d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GlobalReAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegQueryValueExA

user32

TranslateMessage

gdi32

SetViewportOrgEx

shell32

SHGetPathFromIDListA

shlwapi

PathFileExistsA

ws2_32

ntohs

rasapi32

RasHangUpA

winspool.drv

OpenPrinterA

comctl32

ord17

wininet

InternetCrackUrlA

Exports

Exports

??��?IP
_???��3��D��

Sections

.text
Size: - Virtual size: 570KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ce175b1b4e6ba98cacfe74e4d5bd3d7

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

shlwapi

ws2_32

rasapi32

winspool.drv

comctl32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 570KB

.rdata Size: - Virtual size: 74KB

.data Size: - Virtual size: 1.1MB

.vmp0 Size: - Virtual size: 348KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 160B

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: - Virtual size: 570KB

.rdata
Size: - Virtual size: 74KB

.data
Size: - Virtual size: 1.1MB

.vmp0
Size: - Virtual size: 348KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 160B

.rsrc
Size: 4KB - Virtual size: 664B