d33b1e0e364bf7d0693f6ae4b534dc3bba95deb9fed74b929bda8a5d967aed7a

Sharing

Copy URL Twitter E-mail

General

Target

d33b1e0e364bf7d0693f6ae4b534dc3bba95deb9fed74b929bda8a5d967aed7a
Size

1.2MB
MD5

89ea890472fae1bdcec86902c7f7aa18
SHA1

0332bc40fd52767f5308cc4f205afb008ceaa2bc
SHA256

d33b1e0e364bf7d0693f6ae4b534dc3bba95deb9fed74b929bda8a5d967aed7a
SHA512

1f445e173fd5dcf89ccba9aab63213b1c53c8e109c73e46a1d1ed61c69f3408a0237a7f795cd5ff59f1a9c980f8ef9fa77c786d457a38453277e77ace5f46e82
SSDEEP

24576:R/XWG0MHmdTt4DKumrosffB4M2drheZYs9DXVK1kIb87GY+44mq4:9XWPMHmdTam0sffBsheZYs9DXVK1kIY+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d33b1e0e364bf7d0693f6ae4b534dc3bba95deb9fed74b929bda8a5d967aed7a

Files

d33b1e0e364bf7d0693f6ae4b534dc3bba95deb9fed74b929bda8a5d967aed7a
.dll windows x86

4e739fa410011d9827975cd8f03b1a19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetVersion
GetWindowsDirectoryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegOpenKeyA

user32

DrawTextA

gdi32

SaveDC

shell32

SHGetPathFromIDListA

shlwapi

PathFileExistsA

ws2_32

send

rasapi32

RasHangUpA

winspool.drv

DocumentPropertiesA

comctl32

ord17

wininet

InternetReadFile

Exports

Exports

??��?IP
_???��3��D��

Sections

.text
Size: - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e739fa410011d9827975cd8f03b1a19

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

shlwapi

ws2_32

rasapi32

winspool.drv

comctl32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 571KB

.rdata Size: - Virtual size: 74KB

.data Size: - Virtual size: 1.1MB

.vmp0 Size: - Virtual size: 342KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 228B

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: - Virtual size: 571KB

.rdata
Size: - Virtual size: 74KB

.data
Size: - Virtual size: 1.1MB

.vmp0
Size: - Virtual size: 342KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 228B

.rsrc
Size: 4KB - Virtual size: 664B