f8ea777c631620662ef6b066dbd513e3db9c5b020ad47ec3119e44fdd887d439

Sharing

Copy URL Twitter E-mail

General

Target

f8ea777c631620662ef6b066dbd513e3db9c5b020ad47ec3119e44fdd887d439
Size

11.6MB
MD5

685b50153104b94916c28883a99985ae
SHA1

13b07a7aac63bf1381c687ec0e73df6d907b89bd
SHA256

f8ea777c631620662ef6b066dbd513e3db9c5b020ad47ec3119e44fdd887d439
SHA512

44ebf1add398d22b45b71d48bb2369c447210c28f3558326fb0c52deed1b0a2011cc88128eb4099165a721880c5224a8c49ff554d4c41f64e20fd3a4dd25dae7
SSDEEP

196608:C+2pzL4haceqTCT9GuKngXnpVcp8ZswkWFMvbQpaI91flLkRlXIoJqDHDof:Dk4EEq9kcni4kWFsbQAItuIoJCj4

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8ea777c631620662ef6b066dbd513e3db9c5b020ad47ec3119e44fdd887d439

Files

f8ea777c631620662ef6b066dbd513e3db9c5b020ad47ec3119e44fdd887d439
.exe windows x86

865959a32d53c14cd78e84b9a04b4cfe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVIStreamRelease

msvfw32

DrawDibOpen

winmm

mciSendCommandA

kernel32

GetVersionExA
GetVersion
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PostQuitMessage
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetCurrentObject

comdlg32

ChooseColorA

winspool.drv

DocumentPropertiesA

advapi32

RegCloseKey

shell32

DragQueryFileA

comctl32

ImageList_Remove

oledlg

ord1

ole32

ReleaseStgMedium

olepro32

ord253

oleaut32

SafeArrayAccessData

urlmon

URLDownloadToFileA

ws2_32

inet_ntoa

wininet

HttpOpenRequestA

shlwapi

PathRemoveFileSpecA

skinh

SkinH_SetAero

imm32

ImmAssociateContext

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 427KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

865959a32d53c14cd78e84b9a04b4cfe

Headers

File Characteristics

Imports

avifil32

msvfw32

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

urlmon

ws2_32

wininet

shlwapi

skinh

imm32

wtsapi32

Sections

.text Size: - Virtual size: 2.3MB

.rodata Size: - Virtual size: 11KB

.rotext Size: - Virtual size: 108KB

.rdata Size: - Virtual size: 427KB

.data Size: - Virtual size: 1.3MB

.vmp0 Size: - Virtual size: 6.5MB

.vmp1 Size: 9.6MB - Virtual size: 9.6MB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.text
Size: - Virtual size: 2.3MB

.rodata
Size: - Virtual size: 11KB

.rotext
Size: - Virtual size: 108KB

.rdata
Size: - Virtual size: 427KB

.data
Size: - Virtual size: 1.3MB

.vmp0
Size: - Virtual size: 6.5MB

.vmp1
Size: 9.6MB - Virtual size: 9.6MB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB