61d0c2fc467c2289bed9ebd0352971fccd2e6ffd04020e2cde505e1ffee53e3c

Sharing

Copy URL Twitter E-mail

General

Target

61d0c2fc467c2289bed9ebd0352971fccd2e6ffd04020e2cde505e1ffee53e3c
Size

1.2MB
MD5

d4edac78bfd83dc7a580fba8ced1402c
SHA1

d7e7ddc7c29e7f55844faf051bae1e4d77613cd9
SHA256

61d0c2fc467c2289bed9ebd0352971fccd2e6ffd04020e2cde505e1ffee53e3c
SHA512

2d477b2b0032b4dbc3ebcc52512e14e33ec578c27a7fdc36f2e407e700b6da47dd2366ad72b2a55765ef9e8bd9f68f6f715c0c69b15bba2865b6b1b70ea76e0b
SSDEEP

24576:AX4MS9lBRJcz80v6xQSPr65ja/GnmbNznsc3K864qjXoBL07dORW:k4MS9jRJcpv6SSTjZzsj4mQIYs

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61d0c2fc467c2289bed9ebd0352971fccd2e6ffd04020e2cde505e1ffee53e3c

Files

61d0c2fc467c2289bed9ebd0352971fccd2e6ffd04020e2cde505e1ffee53e3c
.dll windows x86

3a1feae1a532795c0ddcdc770fb4f767

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
ReadFile
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegSetValueExA

user32

SetFocus

gdi32

CreateBitmap

shell32

SHGetPathFromIDListA

shlwapi

PathFileExistsA

ws2_32

connect

rasapi32

RasHangUpA

winspool.drv

OpenPrinterA

comctl32

ord17

wininet

HttpOpenRequestA

Exports

Exports

??��?IP
_???��3��D��

Sections

.text
Size: - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a1feae1a532795c0ddcdc770fb4f767

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

shlwapi

ws2_32

rasapi32

winspool.drv

comctl32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 571KB

.rdata Size: - Virtual size: 74KB

.data Size: - Virtual size: 1.1MB

.vmp0 Size: - Virtual size: 344KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 184B

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: - Virtual size: 571KB

.rdata
Size: - Virtual size: 74KB

.data
Size: - Virtual size: 1.1MB

.vmp0
Size: - Virtual size: 344KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 184B

.rsrc
Size: 4KB - Virtual size: 664B