2107c940e974ad29faeeb261d525ab3321bb9b0a35feb54bcd563e9af3d6944d

General

Target

2107c940e974ad29faeeb261d525ab3321bb9b0a35feb54bcd563e9af3d6944d
Size

911KB
MD5

c35ed8d15e4649bc9a877b70aaf0312b
SHA1

ede5e2912f57b8da09285b8bb39412a62385185f
SHA256

2107c940e974ad29faeeb261d525ab3321bb9b0a35feb54bcd563e9af3d6944d
SHA512

e8ebd3db532590b9b2408edef0fe48ba7cad57105a1778de62b9503142aea260191b81dae47c180159e4c99e4808cfb4c6268e8a38e721487066ad56470bb35d
SSDEEP

24576:yCBup88Jgr7fAekyS+1/pJBKgGgmifZgQfjiNMl8Fm:nBTEgrThK+REgGRiBg4uu

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2107c940e974ad29faeeb261d525ab3321bb9b0a35feb54bcd563e9af3d6944d

Files

2107c940e974ad29faeeb261d525ab3321bb9b0a35feb54bcd563e9af3d6944d
.exe windows x64

29724e2d2bb9310750ca1c253f9c349c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

RtlLookupFunctionEntry
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 830KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 910KB - Virtual size: 909KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29724e2d2bb9310750ca1c253f9c349c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 71KB

.data Size: - Virtual size: 3KB

.rdata Size: - Virtual size: 912B

.bss Size: - Virtual size: 32B

.idata Size: - Virtual size: 20B

.vmp0 Size: - Virtual size: 830KB

.vmp1 Size: 910KB - Virtual size: 909KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 71KB

.data
Size: - Virtual size: 3KB

.rdata
Size: - Virtual size: 912B

.bss
Size: - Virtual size: 32B

.idata
Size: - Virtual size: 20B

.vmp0
Size: - Virtual size: 830KB

.vmp1
Size: 910KB - Virtual size: 909KB

.reloc
Size: 512B - Virtual size: 12B