d85c0f6f4587e36977d2cdb42517b2685dca2271c71d56deef9388ca4852fa14

Sharing

Copy URL Twitter E-mail

General

Target

d85c0f6f4587e36977d2cdb42517b2685dca2271c71d56deef9388ca4852fa14
Size

4.2MB
MD5

2cb8972c8f7bb5977584c3defaeb0af8
SHA1

5b5c026bb71d2e563e96d85611e0594abc023ff7
SHA256

d85c0f6f4587e36977d2cdb42517b2685dca2271c71d56deef9388ca4852fa14
SHA512

2102e85c8d31bd85d7144f5e8006c81d8e1a8e36bc34a90d292d171da28e2825a496298f0e9cfa8b20838b4fe90c762dedc9bf3d9877081fbb7258d11a2933bc
SSDEEP

98304:neLcTgNq2XuTJmhkWP7hZJSL29MwI5UFNqz6A:QP+TJkJSL29yCN

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d85c0f6f4587e36977d2cdb42517b2685dca2271c71d56deef9388ca4852fa14

Files

d85c0f6f4587e36977d2cdb42517b2685dca2271c71d56deef9388ca4852fa14
.exe windows x86

1fd3c2f63831be9fe2db150b4a9a2e94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

comctl32

InitCommonControls

gdi32

DeleteObject

kernel32

GetVersionExA
GetVersion
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

oleaut32

UnRegisterTypeLib

rasapi32

RasHangUpA

shell32

ShellExecuteA

user32

GetCursorPos
GetMenu
CharUpperBuffW

ntdll

NtdllDefWindowProc_A

wininet

InternetCloseHandle

winmm

waveOutUnprepareHeader

winspool.drv

DocumentPropertiesA

ws2_32

closesocket

comdlg32

ChooseColorA

ole32

CLSIDFromString

wtsapi32

WTSSendMessageW

Sections

Size: - Virtual size: 1000KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata2
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fd3c2f63831be9fe2db150b4a9a2e94

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

oleaut32

rasapi32

shell32

user32

ntdll

wininet

winmm

winspool.drv

ws2_32

comdlg32

ole32

wtsapi32

Sections

Size: - Virtual size: 1000KB

Size: - Virtual size: 379KB

.vmp0 Size: - Virtual size: 3KB

.idata2 Size: - Virtual size: 8KB

.mackt Size: - Virtual size: 12KB

.vmp1 Size: - Virtual size: 3.6MB

.vmp2 Size: 4.2MB - Virtual size: 4.2MB

.reloc Size: 512B - Virtual size: 288B

.rsrc Size: 1KB - Virtual size: 1KB

.vmp0
Size: - Virtual size: 3KB

.idata2
Size: - Virtual size: 8KB

.mackt
Size: - Virtual size: 12KB

.vmp1
Size: - Virtual size: 3.6MB

.vmp2
Size: 4.2MB - Virtual size: 4.2MB

.reloc
Size: 512B - Virtual size: 288B

.rsrc
Size: 1KB - Virtual size: 1KB