d64fda1ce427f1d5b884889b747e42b2842877cb3690e1e782fd69024918e197

Sharing

Copy URL Twitter E-mail

General

Target

d64fda1ce427f1d5b884889b747e42b2842877cb3690e1e782fd69024918e197
Size

2.7MB
MD5

eb2a802a54e81f6bac245b8a9882f7fe
SHA1

c2f6226a9923496781c1d4db0f6ccc3e6a37627c
SHA256

d64fda1ce427f1d5b884889b747e42b2842877cb3690e1e782fd69024918e197
SHA512

e78a546e3d6f17a1c0465d80620358833ef92847b6da4feb300eef246e7a7d7d0466d142b545d034e726c51bc4954a20fc49405e658fba6f101f3d1e9c182992
SSDEEP

49152:AWe72jwdKQobiWpbp8aG05VYC4ursJQG2BDEpfRJ9+:7eEwdxQp8aGaVYCAmDDEpfRJ9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d64fda1ce427f1d5b884889b747e42b2842877cb3690e1e782fd69024918e197

Files

d64fda1ce427f1d5b884889b747e42b2842877cb3690e1e782fd69024918e197
.exe windows x86

32f63bfd90a8155a7fac23279ae728ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

imagehlp

StackWalk

shlwapi

SHDeleteKeyA

ws2_32

inet_ntoa

version

GetFileVersionInfoSizeA

d3d9

Direct3DCreate9

stlport.5.0

?_S_next_size@?$_Stl_prime@_N@priv@stlp_std@@SAII@Z

mfc80

ord3931

msvcr80

fprintf

kernel32

GetVersionExA
LoadLibraryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

user32

GetClientRect
CharUpperBuffW

gdi32

GetObjectA

advapi32

RegOpenKeyExA
RegCloseKey
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

ShellExecuteA

comctl32

_TrackMouseEvent

dbghelp

MiniDumpWriteDump

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f63bfd90a8155a7fac23279ae728ab

Headers

File Characteristics

Imports

winmm

imagehlp

shlwapi

ws2_32

version

d3d9

stlport.5.0

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

dbghelp

wtsapi32

Sections

.text Size: - Virtual size: 351KB

.rdata Size: - Virtual size: 83KB

.data Size: - Virtual size: 154KB

.tls Size: 4KB - Virtual size: 9B

.vmp0 Size: - Virtual size: 2.8MB

.vmp1 Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 4KB - Virtual size: 280B

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: - Virtual size: 351KB

.rdata
Size: - Virtual size: 83KB

.data
Size: - Virtual size: 154KB

.tls
Size: 4KB - Virtual size: 9B

.vmp0
Size: - Virtual size: 2.8MB

.vmp1
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 4KB - Virtual size: 280B

.rsrc
Size: 8KB - Virtual size: 7KB