681164fd1ee073daac2db8198cb40f0784f8b7dc7587bf50b52ffbc101bd2bf9

Sharing

Copy URL Twitter E-mail

General

Target

681164fd1ee073daac2db8198cb40f0784f8b7dc7587bf50b52ffbc101bd2bf9
Size

3.3MB
MD5

20c2e195b45a0366714cf4c6eda34f21
SHA1

1396b298d729d3b06a2c50754c3ef938e17de3ea
SHA256

681164fd1ee073daac2db8198cb40f0784f8b7dc7587bf50b52ffbc101bd2bf9
SHA512

342f836cf00021a6dc33da4da00fb0a3b9868e4d1739b8ce5efe60205b68264782d410701f19479bcf84c30d6848b02670def7c3118152b2cfafc81ec0edeb31
SSDEEP

49152:lnVhl9vdkSVmieUeL3GuwG+BWvmceKA9ZxTvjxb0EGRjzUy87878fae+f+RClDm2:lVDkHiuVmJxT9b0EGL/w5MZAl8mM

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
681164fd1ee073daac2db8198cb40f0784f8b7dc7587bf50b52ffbc101bd2bf9

Files

681164fd1ee073daac2db8198cb40f0784f8b7dc7587bf50b52ffbc101bd2bf9
.exe windows x86

df47e90361d21e328b31d87d7d1600f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

gdi32

BitBlt

advapi32

RegSetValueExA

ole32

DoDragDrop

oleaut32

SystemTimeToVariantTime

msimg32

TransparentBlt

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionA

wininet

InternetReadFile

oleacc

CreateStdAccessibleObject

gdiplus

GdipCreateBitmapFromStream

imm32

ImmReleaseContext

winmm

mciSendCommandA

winspool.drv

DocumentPropertiesA

comdlg32

GetFileTitleA

shell32

SHBrowseForFolderA

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df47e90361d21e328b31d87d7d1600f5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msimg32

comctl32

shlwapi

wininet

oleacc

gdiplus

imm32

winmm

winspool.drv

comdlg32

shell32

msvcrt

iphlpapi

psapi

Sections

.text Size: - Virtual size: 4.4MB

.sedata Size: - Virtual size: 740KB

.idata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 48KB

.sedata Size: - Virtual size: 4KB

.vmp1 Size: - Virtual size: 522KB

.vmp2 Size: 3.3MB - Virtual size: 3.3MB

.rsrc Size: 46KB - Virtual size: 45KB

.text
Size: - Virtual size: 4.4MB

.sedata
Size: - Virtual size: 740KB

.idata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 48KB

.sedata
Size: - Virtual size: 4KB

.vmp1
Size: - Virtual size: 522KB

.vmp2
Size: 3.3MB - Virtual size: 3.3MB

.rsrc
Size: 46KB - Virtual size: 45KB