dd214dfd31d181721e3bf0041ba886cd259e5b9b29881e66147cb8f74fc59222

Sharing

Copy URL Twitter E-mail

General

Target

dd214dfd31d181721e3bf0041ba886cd259e5b9b29881e66147cb8f74fc59222
Size

1.8MB
MD5

619e2816f695275a8a55fcdc3257de97
SHA1

5a4d4daa1d31d1c18c90be75bf0fda837cc55cd1
SHA256

dd214dfd31d181721e3bf0041ba886cd259e5b9b29881e66147cb8f74fc59222
SHA512

5e52a73afbe383cec6985309413ee943799a71fd6a4fdbce4bff5ae776ae3246c755778022626fb3a1b479263e118399e9cf813475b4c8299fbc5afd3207fde8
SSDEEP

49152:8H3ffFX4GvrkYZuwMlX84AU7otL6mqT2CP+KriyjtChJezp:8Xf9X4GvrkY0lzw1R8+yjQhJ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd214dfd31d181721e3bf0041ba886cd259e5b9b29881e66147cb8f74fc59222

Files

dd214dfd31d181721e3bf0041ba886cd259e5b9b29881e66147cb8f74fc59222
.dll windows x86

03fc3699f2248576e90561d68b41ff63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetVersionExA
TlsAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetCursorPos

gdi32

ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

netapi32

Netbios

wsock32

inet_ntoa

psapi

GetModuleInformation

Exports

Exports

GetCardData
Inject

Sections

.text
Size: 636KB - Virtual size: 634KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 928KB - Virtual size: 926KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03fc3699f2248576e90561d68b41ff63

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

netapi32

wsock32

psapi

Exports

Exports

Sections

.text Size: 636KB - Virtual size: 634KB

.rdata Size: 88KB - Virtual size: 85KB

.data Size: 40KB - Virtual size: 95KB

.vmp0 Size: 928KB - Virtual size: 926KB

.vmp1 Size: 100KB - Virtual size: 99KB

.reloc Size: 40KB - Virtual size: 36KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 636KB - Virtual size: 634KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 40KB - Virtual size: 95KB

.vmp0
Size: 928KB - Virtual size: 926KB

.vmp1
Size: 100KB - Virtual size: 99KB

.reloc
Size: 40KB - Virtual size: 36KB

.rsrc
Size: 8KB - Virtual size: 7KB