b7c856d4e1bead4ff3c0709c14476b950b080498b624526734bf7bbe04c0f0c3

Sharing

Copy URL

Twitter E-mail

General

Target

b7c856d4e1bead4ff3c0709c14476b950b080498b624526734bf7bbe04c0f0c3
Size

9.6MB
MD5

3fe5a47ec6c3939bccef276996694958
SHA1

235fd76c515ebcd037d6d957240f8016d503b5e7
SHA256

b7c856d4e1bead4ff3c0709c14476b950b080498b624526734bf7bbe04c0f0c3
SHA512

ac603eae1d0ca034ae758626935b2018d7b8e3dd91a885dcdd37c4499731e643b24a999dcea5ed681fb07ac45d88dcee0d4e9f77d9f2fff925edadf1f6274c3e
SSDEEP

196608:0Q3dYkxfAXUANWaqYw93jRhHI08HLQeBSbQudDlU99O2:JJTD/RlIYe6lU99O

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7c856d4e1bead4ff3c0709c14476b950b080498b624526734bf7bbe04c0f0c3

Files

b7c856d4e1bead4ff3c0709c14476b950b080498b624526734bf7bbe04c0f0c3
.dll windows x64

568d27c3244f590ea4466b7645e14a1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

opencv_world440

?bitwise_and@cv@@YAXAEBV_InputArray@1@0AEBV_OutputArray@1@0@Z

gdiplus

GdiplusShutdown

libcrypto-1_1-x64

BIO_new_mem_buf

libssl-1_1-x64

OPENSSL_init_ssl

mfc140u

ord8468

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetMessagePos
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

SelectObject

advapi32

LookupPrivilegeValueW

shell32

ShellExecuteW

comctl32

ImageList_ReplaceIcon

shlwapi

PathFileExistsW

ole32

CreateStreamOnHGlobal

oleaut32

VariantClear

msvcp140

_FNan

ws2_32

WSACleanup

crypt32

CertOpenSystemStoreW

winmm

mciSendCommandW

vcruntime140

__std_terminate

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-time-l1-1-0

wcsftime

api-ms-win-crt-math-l1-1-0

_finite

wtsapi32

WTSSendMessageW

Exports

Exports

ShowDlg

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 497KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 9.3MB - Virtual size: 9.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

568d27c3244f590ea4466b7645e14a1d

Headers

DLL Characteristics

File Characteristics

Imports

opencv_world440

gdiplus

libcrypto-1_1-x64

libssl-1_1-x64

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp140

ws2_32

crypt32

winmm

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 1.3MB

.rdata Size: - Virtual size: 497KB

.data Size: - Virtual size: 46KB

.pdata Size: - Virtual size: 73KB

.tls Size: - Virtual size: 33B

.vmp0 Size: - Virtual size: 11.5MB

.vmp1 Size: 9.3MB - Virtual size: 9.3MB

.reloc Size: 512B - Virtual size: 144B

.rsrc Size: 248KB - Virtual size: 248KB

.text
Size: - Virtual size: 1.3MB

.rdata
Size: - Virtual size: 497KB

.data
Size: - Virtual size: 46KB

.pdata
Size: - Virtual size: 73KB

.tls
Size: - Virtual size: 33B

.vmp0
Size: - Virtual size: 11.5MB

.vmp1
Size: 9.3MB - Virtual size: 9.3MB

.reloc
Size: 512B - Virtual size: 144B

.rsrc
Size: 248KB - Virtual size: 248KB