96b05d074088d0cbbccb56f659b51cae4bdf399721e1160190415844c59a23f0

Sharing

Copy URL Twitter E-mail

General

Target

96b05d074088d0cbbccb56f659b51cae4bdf399721e1160190415844c59a23f0
Size

7.6MB
MD5

855c598883807e85e1e60d02416d9ce2
SHA1

8588ee9eb2d317989a14a27232fe62c2a4d43f86
SHA256

96b05d074088d0cbbccb56f659b51cae4bdf399721e1160190415844c59a23f0
SHA512

2b25caf598cfdddd92336a4aa2828628d6e797994f29831e61aede0fec38b3c287c36071c335370f04dc238fdaa12f0765ced6529cfd6b6f55bf6a49d7eae350
SSDEEP

196608:5sZaOCegeuF9rORsdSiifeHoBwF9brpMQnlYHt:CZmeaF9AsA9GDlzlW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96b05d074088d0cbbccb56f659b51cae4bdf399721e1160190415844c59a23f0

Files

96b05d074088d0cbbccb56f659b51cae4bdf399721e1160190415844c59a23f0
.dll windows x86

32b18a289557eb8b6681c82bbb72ca4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

send

kernel32

GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowThreadProcessId
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptEncrypt

ole32

CoCreateGuid

shell32

ShellExecuteExA

shlwapi

StrStrIW

crypt32

CertCloseStore

wldap32

ord50

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoA

gdi32

SetBkColor

urlmon

URLDownloadToFileA

dbghelp

MiniDumpWriteDump

wtsapi32

WTSSendMessageW

Exports

Exports

AddAllRedirectInfo
AddLocalRedirectInfo
FreeData
InitData
IsProcessRunning
RepairNet
SetCurlProxyInfo

Sections

.text
Size: - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32b18a289557eb8b6681c82bbb72ca4b

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

ole32

shell32

shlwapi

crypt32

wldap32

iphlpapi

version

gdi32

urlmon

dbghelp

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 548KB

.rdata Size: - Virtual size: 109KB

.data Size: - Virtual size: 21KB

.vmp0 Size: - Virtual size: 5.4MB

.vmp1 Size: 7.6MB - Virtual size: 7.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 548KB

.rdata
Size: - Virtual size: 109KB

.data
Size: - Virtual size: 21KB

.vmp0
Size: - Virtual size: 5.4MB

.vmp1
Size: 7.6MB - Virtual size: 7.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB