1d0cb82e8d1d7be1ab8e80b1c6e4d5440918668da50e608e5c78c83910584017

Sharing

Copy URL

Twitter E-mail

General

Target

1d0cb82e8d1d7be1ab8e80b1c6e4d5440918668da50e608e5c78c83910584017
Size

759KB
MD5

7b1f090d86c0693d72beb887ec88e601
SHA1

54fa889bd77fa2c000c0749820512af539746039
SHA256

1d0cb82e8d1d7be1ab8e80b1c6e4d5440918668da50e608e5c78c83910584017
SHA512

f10fd14c3ba6bca381f2adbb50e1a6372fae512c5b54dbadf2cece47ebfc2085c74e6ef53e165866e199e0923cc480dfd0b5264d5b4277fde65816a027f1ecb1
SSDEEP

12288:wFnisn1fqYBMZ09zZG45l7mgbNCiFGbvX5z0iilzA2W5/zfLbaepTLt38D/R6XSN:EnjqYp9zB5VmgxtMvX5wigzo5bfL2ep8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d0cb82e8d1d7be1ab8e80b1c6e4d5440918668da50e608e5c78c83910584017

Files

1d0cb82e8d1d7be1ab8e80b1c6e4d5440918668da50e608e5c78c83910584017
.dll windows x86

88a03730c1f1bb13183944fe4495e16e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersionExA
GetVersion
GetVersionExA
GetVersion
GetModuleHandleW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SystemParametersInfoA

advapi32

OpenProcessToken

oleaut32

SysFreeString

version

GetFileVersionInfoA

gdi32

LineTo

ole32

OleInitialize

comctl32

ImageList_Create

shell32

Shell_NotifyIconA

wininet

DeleteUrlCacheEntry

urlmon

UrlMkGetSessionOption

wsock32

__WSAFDIsSet

ntdll

RtlFreeHeap

iphlpapi

GetAdaptersAddresses

oleacc

ObjectFromLresult

gdiplus

GdipLoadImageFromStream

ws2_32

WSAIoctl

imagehlp

MapFileAndCheckSumA

atl

AtlAxWinInit

Sections

CODE
Size: - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88a03730c1f1bb13183944fe4495e16e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

shell32

wininet

urlmon

wsock32

ntdll

iphlpapi

oleacc

gdiplus

ws2_32

imagehlp

atl

Sections

CODE Size: - Virtual size: 786KB

DATA Size: - Virtual size: 82KB

BSS Size: - Virtual size: 14KB

.idata Size: - Virtual size: 13KB

.vmp0 Size: - Virtual size: 93KB

.vmp1 Size: 752KB - Virtual size: 752KB

.reloc Size: 512B - Virtual size: 132B

.rsrc Size: 5KB - Virtual size: 31KB

CODE
Size: - Virtual size: 786KB

DATA
Size: - Virtual size: 82KB

BSS
Size: - Virtual size: 14KB

.idata
Size: - Virtual size: 13KB

.vmp0
Size: - Virtual size: 93KB

.vmp1
Size: 752KB - Virtual size: 752KB

.reloc
Size: 512B - Virtual size: 132B

.rsrc
Size: 5KB - Virtual size: 31KB