52b288c375cba1fa7bdcd0226d5216f8007686320fa1659f4a254c4cbb1826bd

General

Target

52b288c375cba1fa7bdcd0226d5216f8007686320fa1659f4a254c4cbb1826bd
Size

3.2MB
MD5

daaa8005c664f5182738dad0e5b21710
SHA1

41d6fd0fe049bac96c458b8af37f6d1d3f66cb44
SHA256

52b288c375cba1fa7bdcd0226d5216f8007686320fa1659f4a254c4cbb1826bd
SHA512

e35238582ceea2b745752fd74141561855e48de6ab709f3b059e1159067b1f2b64b9faa5e99aa04835fe951fc8f8fc2cd130d45d6268dda58cbcc2ce33636198
SSDEEP

49152:1e1wpeOJWecU4zkidgl8xoTFQY/LsA+vR2QLxpghKp0EPfp2RSTjxtd4O:tFJ7cUkPdOusDGQKp7PN/x4O

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52b288c375cba1fa7bdcd0226d5216f8007686320fa1659f4a254c4cbb1826bd

Files

52b288c375cba1fa7bdcd0226d5216f8007686320fa1659f4a254c4cbb1826bd
.dll windows x86

02a9d84fad96d42d8e1fdd838c2618e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
TranslateMessage
ShowWindow
RegisterClassA
PostQuitMessage
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA
GetProcessWindowStation
GetUserObjectInformationW

kernel32

CloseHandle
WaitForSingleObject
VirtualFree
VirtualAlloc
Sleep
SetEvent
GetVolumeInformationA
GetModuleHandleA
ExitThread
CreateThread
CreateEventA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wsock32

closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket
WSAStartup

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

secur32

GetUserNameExA

Exports

Exports

rundll

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

02a9d84fad96d42d8e1fdd838c2618e5

Headers

File Characteristics

Imports

user32

kernel32

wsock32

ws2_32

secur32

Exports

Exports

Sections

.text Size: - Virtual size: 6KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 200B

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 6KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 200B

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 1KB - Virtual size: 1KB