9528df47729c36939fb7df813d3a7984[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

9528df47729c36939fb7df813d3a7984.bin
Size

5.3MB
MD5

5dc0c5fb3462927c0b5c1f6835f05247
SHA1

a5dadaf6b4c88b5b97c5544685595b0cb85d1256
SHA256

0d90a54ad40bf9744ca179a1f6a9003c222df3e4a347d7393ad992637bd21bd4
SHA512

c7c995289edb3395e6f10ca1ccde77b6d797ad7c6f766a9e573ca500431737a5ed804a1b1d35928e52fd4d689860ce994a20fb0adad93068d9286b37626d9075
SSDEEP

98304:oGEzXoJFdMb3NoCN23TVfVT3rw+WNpR46fX9Zmcwx1fyRV3wljSlBw9j:oGEbGa7y6a953rGNpR1fNZmcwx16zlBe

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/a517ab612efd938a0a7347832b4d262447ea9c4a53c420b2bae210cb78eaf461.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a517ab612efd938a0a7347832b4d262447ea9c4a53c420b2bae210cb78eaf461.exe

Files

9528df47729c36939fb7df813d3a7984.bin
.zip

Password: infected
a517ab612efd938a0a7347832b4d262447ea9c4a53c420b2bae210cb78eaf461.exe
.exe windows x64

Password: infected

8ab858940b8a6742ee9d7e72e2cdcdda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.symtab
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

8ab858940b8a6742ee9d7e72e2cdcdda

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wtsapi32

user32

Sections

.text Size: - Virtual size: 552KB

.rdata Size: - Virtual size: 634KB

.data Size: - Virtual size: 455KB

.idata Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 12KB

.symtab Size: - Virtual size: 4B

.vmp1 Size: - Virtual size: 3.2MB

.vmp2 Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 512B - Virtual size: 156B

.rsrc Size: 27KB - Virtual size: 27KB

.text
Size: - Virtual size: 552KB

.rdata
Size: - Virtual size: 634KB

.data
Size: - Virtual size: 455KB

.idata
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 12KB

.symtab
Size: - Virtual size: 4B

.vmp1
Size: - Virtual size: 3.2MB

.vmp2
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 512B - Virtual size: 156B

.rsrc
Size: 27KB - Virtual size: 27KB