7f85f4a828f2c0f8beb0ac69e0b0fbd18fa550e91cc50b2515cc2cfc560bbb8b

Sharing

Copy URL Twitter E-mail

General

Target

7f85f4a828f2c0f8beb0ac69e0b0fbd18fa550e91cc50b2515cc2cfc560bbb8b
Size

2.1MB
MD5

a272188beba66df7cd1b19309285fa0d
SHA1

58f5415adb298ac18cf306e8475fda737051872e
SHA256

7f85f4a828f2c0f8beb0ac69e0b0fbd18fa550e91cc50b2515cc2cfc560bbb8b
SHA512

a56e28eb1b312279715ba1abe017cd146636841b024af2538ebb7023c9c87dc10173e051801ad966d19ea39066b461c38d3516fdb887ee7533bfc29db6698ba6
SSDEEP

49152:jM0h1BS2WrRNjOctc8eakp5I0E0nhjg/UInthjYAcJGzga:Rh149JeZa/UIboJGz

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f85f4a828f2c0f8beb0ac69e0b0fbd18fa550e91cc50b2515cc2cfc560bbb8b

Files

7f85f4a828f2c0f8beb0ac69e0b0fbd18fa550e91cc50b2515cc2cfc560bbb8b
.exe windows x86

48ba85d7d02a0b0ccece0a81303a1370

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

winmm

midiStreamOut

ws2_32

WSACleanup

kernel32

SetFilePointer
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

DefWindowProcA
MessageBoxA

gdi32

ExtSelectClipRgn

msimg32

GradientFill

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

GetErrorInfo

comctl32

_TrackMouseEvent

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48ba85d7d02a0b0ccece0a81303a1370

Headers

File Characteristics

Imports

iphlpapi

winmm

ws2_32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Sections

.text Size: - Virtual size: 705KB

.rdata Size: - Virtual size: 3.8MB

.data Size: - Virtual size: 283KB

.rsrc Size: 12KB - Virtual size: 23KB

.vmp0 Size: - Virtual size: 192KB

.vmp1 Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 4KB - Virtual size: 204B

.text
Size: - Virtual size: 705KB

.rdata
Size: - Virtual size: 3.8MB

.data
Size: - Virtual size: 283KB

.rsrc
Size: 12KB - Virtual size: 23KB

.vmp0
Size: - Virtual size: 192KB

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 4KB - Virtual size: 204B