11a582906cceeb071f1b4826e09cb558f9f096f559247212a18aa1ee398cd758

Sharing

Copy URL Twitter E-mail

General

Target

11a582906cceeb071f1b4826e09cb558f9f096f559247212a18aa1ee398cd758
Size

1.2MB
MD5

1098833359cb94281ae88558aeb766b3
SHA1

5bff0ea433ad98a0a81d0b8eda514b5eada9c5c1
SHA256

11a582906cceeb071f1b4826e09cb558f9f096f559247212a18aa1ee398cd758
SHA512

eb105b5eaae70a2e7fc94eb0ff2c84a215876a66679a931b1b30e2960a828e008b285d2c037d5826c82d52d1e9cd8e907097532ccc5c9f87f60103c92695af4a
SSDEEP

24576:IlsyPNKRUDZuYIPRVj8Xsmoxbs+jwBlDx8BLf13J7pgKqLPNdcgVILqylnK:IlsyPN8N88m7+WlDaN/wPAgny0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11a582906cceeb071f1b4826e09cb558f9f096f559247212a18aa1ee398cd758

Files

11a582906cceeb071f1b4826e09cb558f9f096f559247212a18aa1ee398cd758
.dll windows x86

303a3e4b580db7e2ece007be6ccf3fb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetVersion
GetSystemTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegOpenKeyA

user32

EnableWindow

gdi32

SetViewportOrgEx

shell32

SHGetSpecialFolderLocation

shlwapi

PathFileExistsA

ws2_32

getservbyname

rasapi32

RasHangUpA

winspool.drv

OpenPrinterA

comctl32

ord17

wininet

HttpQueryInfoA

Exports

Exports

??��?IP
_???��3��D��

Sections

.text
Size: - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

303a3e4b580db7e2ece007be6ccf3fb7

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

shlwapi

ws2_32

rasapi32

winspool.drv

comctl32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 571KB

.rdata Size: - Virtual size: 74KB

.data Size: - Virtual size: 1.1MB

.vmp0 Size: - Virtual size: 339KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 220B

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: - Virtual size: 571KB

.rdata
Size: - Virtual size: 74KB

.data
Size: - Virtual size: 1.1MB

.vmp0
Size: - Virtual size: 339KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 220B

.rsrc
Size: 4KB - Virtual size: 664B