d08f94dbe2d92348ecfecf42d87cfcbf5a71c7bb6a8d2ac7cba99d1822aef213

General

Target

d08f94dbe2d92348ecfecf42d87cfcbf5a71c7bb6a8d2ac7cba99d1822aef213
Size

11.3MB
MD5

4c607fb79893ba513e3b6fde05e4479b
SHA1

5f2b47f1e977000dab4b39b262c0a297fb3f72a6
SHA256

d08f94dbe2d92348ecfecf42d87cfcbf5a71c7bb6a8d2ac7cba99d1822aef213
SHA512

d7296b170ca8c9076014967f1211cf91f6ab2c3957d9f8f2fbbdb64ac5286dd3dcd000f0b2c3deb5d7ef6285d5701b623ab5350ee416d51fd02e073e48f35b4e
SSDEEP

196608:ZxhgdcittVxfYu6gx2Y02B6FYjydhciMBmmn1lIYlFQMyZ/45jon30+AWqwlL:icitdgU2Y02B6FowhlMB/IYDMqJVtu

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d08f94dbe2d92348ecfecf42d87cfcbf5a71c7bb6a8d2ac7cba99d1822aef213

Files

d08f94dbe2d92348ecfecf42d87cfcbf5a71c7bb6a8d2ac7cba99d1822aef213
.dll windows x86

2327089f1456c88bcc991bb117fce40e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

vcruntime140

__telemetry_main_invoke_trigger

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

auto_indun

Sections

.text
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 13.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2327089f1456c88bcc991bb117fce40e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 3KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 912B

.vmp0 Size: - Virtual size: 13.4MB

.vmp1 Size: 11.3MB - Virtual size: 11.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 3KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 912B

.vmp0
Size: - Virtual size: 13.4MB

.vmp1
Size: 11.3MB - Virtual size: 11.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB