64ade26925298902821ae1f5f40527aa[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

64ade26925298902821ae1f5f40527aa.bin
Size

2.9MB
MD5

de1f642dc123c81505cdc851ec8ae0b8
SHA1

77012d4fdab5723d39ae0f64e1d440e1df1cfbf5
SHA256

99610ede433986199b3d5703dacb9eca39e0bdf511f8ed89795ab8c15625b4d4
SHA512

adf5ab818f36dd755e4e682855f0124a015bd335a9b5d37c47446b141f4628c380a856b26e96bfe94c9981239fce919341cebc0d4dab51040958330a4f568d19
SSDEEP

49152:fB6fVIP9rhjmrbO9dudRojyYWnF3aumv8u55MvOeyCXE30iX4nwaL8ymZSsGc4zo:s69dudmjyF3aum0ujuyiiXmwaL8QE

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/5ae5c17ab942be5faa0588fe33ff5cf96c0575ec4767e66b12dff3cee531b325.bin	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5ae5c17ab942be5faa0588fe33ff5cf96c0575ec4767e66b12dff3cee531b325.bin

Files

64ade26925298902821ae1f5f40527aa.bin
.zip

Password: infected
5ae5c17ab942be5faa0588fe33ff5cf96c0575ec4767e66b12dff3cee531b325.bin
.exe windows x86

Password: infected

900723d55a3647432e32796756f54971

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

vhookjx2

?InjectDll@@YAHPAUHWND__@@@Z

kernel32

GetVersionExW
GetSystemInfo
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetCursor

gdi32

GetSystemPaletteEntries

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

Shell_NotifyIconW

comctl32

ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW

ole32

StgCreateDocfileOnILockBytes

oleaut32

SystemTimeToVariantTime

oledlg

OleUIBusyW

gdiplus

GdipAlloc

ws2_32

htonl

oleacc

CreateStdAccessibleObject

imm32

ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

900723d55a3647432e32796756f54971

Headers

DLL Characteristics

File Characteristics

Imports

vhookjx2

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

ws2_32

oleacc

imm32

winmm

Sections

.text Size: - Virtual size: 1.2MB

.rdata Size: - Virtual size: 291KB

.data Size: - Virtual size: 55KB

.vmp0 Size: - Virtual size: 2.1MB

.vmp1 Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 512B - Virtual size: 272B

.rsrc Size: 13KB - Virtual size: 12KB

.text
Size: - Virtual size: 1.2MB

.rdata
Size: - Virtual size: 291KB

.data
Size: - Virtual size: 55KB

.vmp0
Size: - Virtual size: 2.1MB

.vmp1
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 512B - Virtual size: 272B

.rsrc
Size: 13KB - Virtual size: 12KB