823a52bf444e6bc36e6d6ef5bfe790ae8a808c8d166cc8e30a1c3ef2f6fa506c

Sharing

Copy URL Twitter E-mail

General

Target

823a52bf444e6bc36e6d6ef5bfe790ae8a808c8d166cc8e30a1c3ef2f6fa506c
Size

8.9MB
MD5

67432024d37f0dbcfdbdb425743bf5a6
SHA1

fcebc43a4ad5b285402aa232f081e0462aa5ee55
SHA256

823a52bf444e6bc36e6d6ef5bfe790ae8a808c8d166cc8e30a1c3ef2f6fa506c
SHA512

2479ba1e23d4f6ead6cd9368e2a500137dd7a617232148c23eb7a3c65c9ab25de76088f5fc2edfb05a2625674dc026cf59099e87ad8c460512fae323247e91ff
SSDEEP

196608:FVKYLjG3RKD5iqpRx3NiG8+/T3sBc/lDfjizwuDjHq:FsYLjGod1r3NiG/W6DfjizjDjH

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
823a52bf444e6bc36e6d6ef5bfe790ae8a808c8d166cc8e30a1c3ef2f6fa506c

Files

823a52bf444e6bc36e6d6ef5bfe790ae8a808c8d166cc8e30a1c3ef2f6fa506c
.exe windows x86

22ca1df0cf101b8fa5bb045319cd86cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GetVersion
GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shlwapi

StrToIntExA

ws2_32

WSAStartup
htons

version

GetFileVersionInfoA

user32

GetClassNameA
RedrawWindow
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegOpenKeyA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

OleRun

psapi

GetModuleInformation

oleaut32

SafeArrayGetDim
SysStringLen

winmm

midiStreamRestart

rasapi32

RasGetConnectStatusA

gdi32

LineTo

winspool.drv

ClosePrinter

comctl32

ImageList_Read

oledlg

ord8

wininet

InternetCloseHandle

comdlg32

GetSaveFileNameA

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 989KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22ca1df0cf101b8fa5bb045319cd86cf

Headers

File Characteristics

Imports

kernel32

shlwapi

ws2_32

version

user32

advapi32

shell32

ole32

psapi

oleaut32

winmm

rasapi32

gdi32

winspool.drv

comctl32

oledlg

wininet

comdlg32

wtsapi32

Sections

.text Size: - Virtual size: 2.5MB

.rdata Size: - Virtual size: 989KB

.data Size: - Virtual size: 3.4MB

.vmp0 Size: - Virtual size: 4.8MB

.vmp1 Size: 8.9MB - Virtual size: 8.9MB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: - Virtual size: 2.5MB

.rdata
Size: - Virtual size: 989KB

.data
Size: - Virtual size: 3.4MB

.vmp0
Size: - Virtual size: 4.8MB

.vmp1
Size: 8.9MB - Virtual size: 8.9MB

.rsrc
Size: 8KB - Virtual size: 6KB