40bce41ea42e7f6370d06af4049ff005c0d13653ebcd75c66cae6cc418a537a3

Sharing

Copy URL

Twitter E-mail

General

Target

40bce41ea42e7f6370d06af4049ff005c0d13653ebcd75c66cae6cc418a537a3
Size

11.5MB
MD5

0ba4fe418f52b4c758b29370ddbe8695
SHA1

2a2355e99a51dedf563bda59f3ba4139bbecbb70
SHA256

40bce41ea42e7f6370d06af4049ff005c0d13653ebcd75c66cae6cc418a537a3
SHA512

4cd2da0d6e1cdaaac9925dbd8b52d73cf363bb76bf1c84b7f1954cbb21081b241ea6b67236d1b7a8c9b95ccd294690d77f9dd287bbb3ef04832fcd1727fc32db
SSDEEP

196608:E+2JCkz0MJHCJUQklLx9FrLApxK9NrgNrkbG9GQbEFm7eEfXIvCIE7UOltRXnXoV:EJCk5H/tc3a4kSQcEFmyEfXGujXoS3mn

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40bce41ea42e7f6370d06af4049ff005c0d13653ebcd75c66cae6cc418a537a3

Files

40bce41ea42e7f6370d06af4049ff005c0d13653ebcd75c66cae6cc418a537a3
.exe windows x86

3568a5cf81e64b0af5da3075224f49cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamProperty

ws2_32

socket

rasapi32

RasHangUpA

kernel32

GetVersionExA
GetVersion
IsValidCodePage
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetScrollRange

gdi32

OffsetViewportOrgEx

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

SysAllocStringLen

comctl32

ImageList_Draw

oledlg

ord8

wininet

InternetReadFile

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 974KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3568a5cf81e64b0af5da3075224f49cc

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 10.4MB

.data Size: - Virtual size: 436KB

.vmp0 Size: - Virtual size: 974KB

.vmp1 Size: 5.0MB - Virtual size: 5.0MB

.rsrc Size: 72KB - Virtual size: 68KB

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 10.4MB

.data
Size: - Virtual size: 436KB

.vmp0
Size: - Virtual size: 974KB

.vmp1
Size: 5.0MB - Virtual size: 5.0MB

.rsrc
Size: 72KB - Virtual size: 68KB