699b8c4933210c9cfc8c1195f0e895fd0bcae33bc52c6e8412a77ec7a734ed8e

Sharing

Copy URL Twitter E-mail

General

Target

699b8c4933210c9cfc8c1195f0e895fd0bcae33bc52c6e8412a77ec7a734ed8e
Size

10.3MB
MD5

0730fe139861a4fee202b90a41f4ceb3
SHA1

f0b58a431dc99f49dd75cb484c2f3d060109ba66
SHA256

699b8c4933210c9cfc8c1195f0e895fd0bcae33bc52c6e8412a77ec7a734ed8e
SHA512

3a8b779ad94f0465356c825ec47e3a35bcf3f2f83aa370ed71ae0ad8b3b31b314cda925b747b0ffb1ca6ca40c0675aebe54c9c241aff16bd10a341d53a335d63
SSDEEP

196608:Zub2TRPvEwo+Ln7toM+CVoxKmfCwZ3zklZPGD6XLqgwgpCsqb/NJnnkNT9OU4Y64:Qb2N0wZ7iM+8MtZwLbqgwgpfqb/NJkNK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
699b8c4933210c9cfc8c1195f0e895fd0bcae33bc52c6e8412a77ec7a734ed8e

Files

699b8c4933210c9cfc8c1195f0e895fd0bcae33bc52c6e8412a77ec7a734ed8e
.exe windows x86

79450283f022c12d22fa07590246eb58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

crypt32

CryptBinaryToStringA

user32

GetCursor

iphlpapi

GetAdaptersInfo

winmm

waveOutClose

ws2_32

WSAStartup

version

GetFileVersionInfoA

rasapi32

RasEnumConnectionsA

gdi32

PatBlt

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyA

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

GetActiveObject

odbc32

ord14

comctl32

ImageList_DrawIndirect

wininet

InternetCloseHandle

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79450283f022c12d22fa07590246eb58

Headers

File Characteristics

Imports

kernel32

crypt32

user32

iphlpapi

winmm

ws2_32

version

rasapi32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

odbc32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 3.5MB

.rdata Size: - Virtual size: 10.0MB

.data Size: - Virtual size: 634KB

.vmp0 Size: - Virtual size: 1.9MB

.vmp1 Size: 10.3MB - Virtual size: 10.3MB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: - Virtual size: 3.5MB

.rdata
Size: - Virtual size: 10.0MB

.data
Size: - Virtual size: 634KB

.vmp0
Size: - Virtual size: 1.9MB

.vmp1
Size: 10.3MB - Virtual size: 10.3MB

.rsrc
Size: 8KB - Virtual size: 7KB