3bc9a13ed11a0da691a2b97ddd52168dbead463fd5371916a1d574184c422a3c

Sharing

Copy URL

Twitter E-mail

General

Target

3bc9a13ed11a0da691a2b97ddd52168dbead463fd5371916a1d574184c422a3c
Size

5.8MB
MD5

7b20822375127aaf2c2ec9d1f07a3007
SHA1

c6cc2246cb5fd04ea80c1256ceec10268b876a89
SHA256

3bc9a13ed11a0da691a2b97ddd52168dbead463fd5371916a1d574184c422a3c
SHA512

e7a843db7276164ea677ee04efcd35c2bc1c47b5c7916d32cdd2c1cf372b00b8541716875675afd56ad19536dd9f990050c4fdc5ea9c78d09476700310912f07
SSDEEP

98304:emB1kJ62BWOtIR7AzNS3mVmh/sxWruL0UUXoiEjCQYSRyEK0Upg328Vu2L8IooE:ekKI2BFBS3m0h/P/S2QYwyE13l4w5o

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
3bc9a13ed11a0da691a2b97ddd52168dbead463fd5371916a1d574184c422a3c

Files

3bc9a13ed11a0da691a2b97ddd52168dbead463fd5371916a1d574184c422a3c
.dll windows x64

531372f8fed94a7a0e3b8ef647c7fcb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

ws2_32

getaddrinfo

advapi32

GetTokenInformation

kernel32

WriteFile
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

secur32

GetUserNameExA

ole32

CoUninitialize

wtsapi32

WTSSendMessageW

Exports

Exports

rundll

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

531372f8fed94a7a0e3b8ef647c7fcb7

Headers

DLL Characteristics

File Characteristics

Imports

user32

ws2_32

advapi32

kernel32

secur32

ole32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 11KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 595B

.pdata Size: - Virtual size: 432B

.vmp0 Size: - Virtual size: 4.0MB

.vmp1 Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 512B - Virtual size: 156B

.text
Size: - Virtual size: 11KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 595B

.pdata
Size: - Virtual size: 432B

.vmp0
Size: - Virtual size: 4.0MB

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 512B - Virtual size: 156B