dfc474d4eac834fcad9cb1d88a7273aec181070cf551f15cc6c5cded4324d175

Sharing

Copy URL

Twitter E-mail

General

Target

dfc474d4eac834fcad9cb1d88a7273aec181070cf551f15cc6c5cded4324d175
Size

10.7MB
MD5

ab49ad81412be98c774cde275196c9cb
SHA1

d91e859e3b6a809881ac306425b1a46dc1628821
SHA256

dfc474d4eac834fcad9cb1d88a7273aec181070cf551f15cc6c5cded4324d175
SHA512

e32e89318e80896dca00f4f2f2c19efce37fc8de1d5fc965dd38ca94e21ec778c98f5df58caab1288aa748a6973a001ea0a4e480d56f1ba915b2dccc901ed0de
SSDEEP

196608:1kzGKRvAur/k6WD/voTpgPvgdWQmQPUwR5waKW1J0wI5h6PPIi:1kzG8v9MxD/vGkvgpUqN/xHz

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfc474d4eac834fcad9cb1d88a7273aec181070cf551f15cc6c5cded4324d175

Files

dfc474d4eac834fcad9cb1d88a7273aec181070cf551f15cc6c5cded4324d175
.exe windows x86

1902f6cd4d2e81e42db498c0b544803e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

winmm

midiStreamOpen

ws2_32

accept

rasapi32

RasGetConnectStatusA

kernel32

DeleteCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

RegisterHotKey

gdi32

GetCurrentObject

winspool.drv

OpenPrinterA

comdlg32

GetFileTitleA

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

SysFreeString

comctl32

ImageList_Destroy

oledlg

ord8

wininet

InternetCrackUrlA

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 16.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 958KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1902f6cd4d2e81e42db498c0b544803e

Headers

File Characteristics

Imports

msvfw32

avifil32

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 16.8MB

.data Size: - Virtual size: 555KB

.vmp0 Size: - Virtual size: 958KB

.vmp1 Size: 10.5MB - Virtual size: 10.5MB

.rsrc Size: 136KB - Virtual size: 135KB

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 16.8MB

.data
Size: - Virtual size: 555KB

.vmp0
Size: - Virtual size: 958KB

.vmp1
Size: 10.5MB - Virtual size: 10.5MB

.rsrc
Size: 136KB - Virtual size: 135KB