2ee62d139956b682fdb0b8190cb90fb1018f59b9473ac31f372062d1d9e71d78

Sharing

Copy URL Twitter E-mail

General

Target

2ee62d139956b682fdb0b8190cb90fb1018f59b9473ac31f372062d1d9e71d78
Size

1.2MB
MD5

cb60c6b1745c0b658e8a998bdff351d7
SHA1

81fc062bda9a2b82846fc91d2340234b865cb021
SHA256

2ee62d139956b682fdb0b8190cb90fb1018f59b9473ac31f372062d1d9e71d78
SHA512

9b16451ed31a37e11fece05b5b5d92a090897826d8df6c4c1b3209ad1477ff74c429a67e6802aa6b6edaf91aa3bacfe5a6ee780d476c1f00241e5c4e129b506c
SSDEEP

24576:kmVvVZXfsuJQUcExB4XS6HddZ3hmJxIbEDUjRv75:/7ConcgC0JxIjRT5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ee62d139956b682fdb0b8190cb90fb1018f59b9473ac31f372062d1d9e71d78

Files

2ee62d139956b682fdb0b8190cb90fb1018f59b9473ac31f372062d1d9e71d78
.dll windows x86

2b94ebe068eebdda00b8d4468f5b8f56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
WaitNamedPipeA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

AdjustTokenPrivileges

user32

GetAsyncKeyState

gdi32

RectVisible

shell32

SHGetSpecialFolderLocation

shlwapi

PathFileExistsA

ws2_32

closesocket

rasapi32

RasHangUpA

winspool.drv

DocumentPropertiesA

comctl32

ord17

wininet

InternetCrackUrlA

Exports

Exports

??��?IP
_???��3��D��

Sections

.text
Size: - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b94ebe068eebdda00b8d4468f5b8f56

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

shlwapi

ws2_32

rasapi32

winspool.drv

comctl32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 571KB

.rdata Size: - Virtual size: 74KB

.data Size: - Virtual size: 1.1MB

.vmp0 Size: - Virtual size: 350KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 264B

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: - Virtual size: 571KB

.rdata
Size: - Virtual size: 74KB

.data
Size: - Virtual size: 1.1MB

.vmp0
Size: - Virtual size: 350KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 264B

.rsrc
Size: 4KB - Virtual size: 664B