installer_setup[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

installer_setup.exe
Size

838.3MB
MD5

932bfb0ddfdcb819105c3f92244b59f1
SHA1

0cb9b4688b6ce55ac9c61b08de6d70f79fbc32fd
SHA256

de2e5ffd95e64ee19c5f563226c0e0e4de3cea5e4bf40511dbecac54e08d2a23
SHA512

7778dda9cf5856d703ae7d59bd369ac289ce725b26c0da53cf6bd546fde78b6c48748910b6b53071bcc515135cd8ead11c3dad8e30a05c21413b3edec7347f41
SSDEEP

98304:Of/j0993+hOJUtTiELyBaAS05FrasZrzvnf40D+gLKsAE6c0Gemfr3l0c6i:Ow93MLyBM0HVrzvnf40BVAnoY

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
installer_setup.exe

Files

installer_setup.exe
.exe windows x64

Password: 77880

5893e69089e19900fac24ac96df96468

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

memset

wtsapi32

WTSSendMessageW

kernel32

GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

�t;\��C'��UX�'cEJ�� b6�qQeՎ?�i��\E��#A>Q�2s2I��]��YH�� v�<��ɄE��o�;M��B�o��߯� C(��t��n�]��L��9�}��Dٴ�/��A��b�� 3N8��T3#�+?}[�z�f��d(�B�a�4�� U�*�o�[x��^0`l��D�"��j�(Fv=�&��>��.��߽��3��S_̂S7��J�9��c6,�f��|�g g[��< ��zl-�/�d:��*��q�0}�w�R̖��G��mMG��gV�0_�h�jЯ�T�2P%��@ �u�=��?w�TP��ZF��{�� a`j �$W�Z��P��$@�R��+�e��r�U[}��O�HN�GB�^��%O�f��c4^&<�C�㒾�,[��"�Ye�K6{��U�F��w��NM�a�@��tt��Q��9��$��8D�h�Z7��`5�R��"��DY�� o-�2P��%B�}��(ơXG�j�G4]w��Ƅ�Y��# M��#K�3��9�Y#oqJ;��cv��aϛ��%�:A�m�,�#��M��Ċ�1��G<`�n��z��J5�+�\oVz��(�L��lՔ��U=׻�7;N�j�ɦ��$�� 6ג�`� $��R�GOM��=G!�z��h��7|<�]��6;iQ��YL�΃�+�V�� x�z��-x�u僺��@JL�͛�T��0��Y4�Y��E��n��>�T�;,o�$}5��G��GPLZ�eO��3�'a��O�xzw�J[N"qa{'S,m�VE I�ch� U�7S?at,p�I�mP��7�� q��i��DVË�'FOa�a�<��V�S%��1\�Z��Ç�h�[:P皿W��M g��%��C�l��Rf�Rr�8��ƨ;q�ю�>1\�U;��T��6��U�C��ꖀ�b�=@��x�� =H��hP��ɰ��٩@Jd΀f�>b�%�̑�0��x��]�g��y9�ݏ��).(]��_-�(��!Y�;,, T��x�{��Q$� X{\�Z]HR�/M-7\0�� K�c��bq:�{i\��o+��äg��7>�v[�%��ߖ]�Z��pS��+ �cn�|��M;��[5�ɔ�,�W��2��i��p�u��V��r��N�Dz�rܾ�*��g&�"أ��z�%X`6��\I}��?�J�^��3h%Qs�VF'�oV��hƻ�n?��"@ "-f�<b;�p��˟�7��L��Vdq�Ԭ��jߒ�R]u��ί��Z��՟�0�!5@�}��j<C��d)�&Qy̽�n��=-�k�PL+p>��Y噩 )��:�驮St��-�|#��B�1"5�n̶Y>�LۍLm1��B|O\�#�6[KA�|�\��dg��+Y��ko�8meӄQ�~ r"��]��O�+ZW�IV'S��h�m�|~�*t�Llp��0xp��n5� L�}F��팽�b�s�<э��\��"��[u(�!NG��Cl��q�c��q^��i_��8��*��R̆z&�_;�x�4�y5ݷG:�_<C��|��7�c�� GQ�� &i�Y�t+��Dʤ,�Z�^�O|��,'s`O��hB��]�t� ��H��FsÙ!�x��>��r@E�\�'��pѾ��&|ށ�*m��f<2�˥�#O��p��C�)tɸ)U�죱��e��ɂ9��?am��M�B�Ր�>h�kD��j��\��E?蔙"ކ(3B¹(��d[R��c�ˤNmǽ"��"��a?U}��!��˷�CH��`O��zT�Xao��d��(*�$�ԝ��K�J�u-��g�BE[�nd}�ɇ|��ZGT�(-j��Ӊ��h�Ѽ*�?��#�� ^�K�4�E�7-�h�{ϒl�Ⱦ��!��N#>�q_�@��U�֝��ccMe*��sq��9�OJ��Jb�~��~5��mO>!��coִ j��FYM��bs� ��s�*��-nP�H��ci�A\��'�xi�ˊ�%#�H��?��9��jK�ɾ�ɘf�.�G��s[+��K�$�?�Lں�Gگ�5��c��?i��&��udWJ�,|�� %��;1+��C�~]FG�Ty H��)�� L@�Z��j�D��Éj��O~�� g&+&k?,d�"W;�ⱐ��UF{�L�g��9R��ab7��L}\�� x�_vD�d��Jam@��x1j�.)޶D�/neW^QA*K�gP�g�ͱ2��RF�`�Uaؓ�`F^��p%6A� >�M�� $Aρ_�ː�$�S1��Mn�N�s�dd��,��@��˵$^I��R��_�,�:�ǷWK��J�%E��;��?��#�K,8�5��`s%Պ?�k\b,Jh�c#��Yr�n��l��T/�Qu��ΰ7� $�lօ6�,�!�ʵ��u��2Qj�C�>Z��&�7��H�ϮG��$6��.`��sc��ȏ��"Mn�!��5O!��x09>z#/�� #4��Xe�yշ�'��O+�tuf �cy�Ol��hDj��gH��NO��,2��:0�%�LP̕�?�[�ZL�� bӒ4��L��ਸ��T L��0��$'q��,3b\��C_�Ğ�8vS>\n��(��{��O��ȋC��Pw��L��8�Ut�� ҧ�Q�$�� 9�x�5��g"�C�G#8i��Z�E,�s�iJP��M�c��!��{e��6�D��B

Sections

.text
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

[0]
Size: 831.8MB - Virtual size: 831.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 77880

5893e69089e19900fac24ac96df96468

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

wtsapi32

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 2.9MB

.rdata Size: - Virtual size: 14KB

.data Size: - Virtual size: 1.1MB

.pdata Size: - Virtual size: 47KB

[0] Size: 831.8MB - Virtual size: 831.8MB

.vmp0 Size: - Virtual size: 3.1MB

.vmp1 Size: 6.3MB - Virtual size: 6.3MB

.rsrc Size: 178KB - Virtual size: 178KB

.text
Size: - Virtual size: 2.9MB

.rdata
Size: - Virtual size: 14KB

.data
Size: - Virtual size: 1.1MB

.pdata
Size: - Virtual size: 47KB

[0]
Size: 831.8MB - Virtual size: 831.8MB

.vmp0
Size: - Virtual size: 3.1MB

.vmp1
Size: 6.3MB - Virtual size: 6.3MB

.rsrc
Size: 178KB - Virtual size: 178KB