9354353a1fee91a6426b1f11558086c37847eca3a9f78d789ed954c541293cf1

General

Target

9354353a1fee91a6426b1f11558086c37847eca3a9f78d789ed954c541293cf1
Size

2.0MB
MD5

20e26d3991cda84499ca5769a7b44e0c
SHA1

17fffe3dd3a389c7059bdbd75589bc9538fabe7b
SHA256

9354353a1fee91a6426b1f11558086c37847eca3a9f78d789ed954c541293cf1
SHA512

259d3f5d05040a6b5b3e91aa6fd35e70428882a53754aa407315361dcdf192f10fb4db0ebdb0f8b6e20f2413910aa493e65016fb91a7d1266eeaf33df8674f9d
SSDEEP

49152:pVQRsL7nJ9lv0Q5UEDwzcKU2yfyce1gb5Ngkry:D0qnNsxJyfycKgHgt

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9354353a1fee91a6426b1f11558086c37847eca3a9f78d789ed954c541293cf1

Files

9354353a1fee91a6426b1f11558086c37847eca3a9f78d789ed954c541293cf1
.dll regsvr32 windows x86

cd712835608e3e6acbed71b30626c3fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

GetTokenInformation
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

wtsapi32

WTSSendMessageW

user32

CharUpperBuffW

Exports

Exports

DllInstall
DllRegisterServer

Sections

.text
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd712835608e3e6acbed71b30626c3fe

Headers

File Characteristics

Imports

kernel32

advapi32

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 168KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: - Virtual size: 35KB

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 82KB - Virtual size: 82KB

.text
Size: - Virtual size: 168KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: - Virtual size: 35KB

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 82KB - Virtual size: 82KB