b093e6d71f77361e059ec752060d3278b8f9553dc0e6b4c4fadd8259fa36c148

Sharing

Copy URL Twitter E-mail

General

Target

b093e6d71f77361e059ec752060d3278b8f9553dc0e6b4c4fadd8259fa36c148
Size

5.0MB
MD5

fd04d776d7114abb121c7ff7ca24aa67
SHA1

931a695f409201477b646e2a759d98dff45bb293
SHA256

b093e6d71f77361e059ec752060d3278b8f9553dc0e6b4c4fadd8259fa36c148
SHA512

9236b0335196acb9023a234aada2d5cea34c92cc82222cb7c69b8a8f2cd71280892512478d0ecfcf53f402d4bc8898d9ac3385ae411f646494f606635d921b4b
SSDEEP

98304:BKJ5nzdyiuEA1WmRvjLmxJJ8Y+zXcFUBLAEbzujTbfq/bIAPI/0yFC1674:BKJVzMiuEApmxI/XcFUKEOa/NPIMnk

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b093e6d71f77361e059ec752060d3278b8f9553dc0e6b4c4fadd8259fa36c148

Files

b093e6d71f77361e059ec752060d3278b8f9553dc0e6b4c4fadd8259fa36c148
.dll windows x86

0d117afd313fd8655bfea5a9872fd598

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc140u

ord14137

kernel32

ReadFile
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

KillTimer
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

shlwapi

StrToIntW

uxtheme

EnableThemeDialogTexture

msvcp140

?_Xlength_error@std@@YAXPBD@Z

winmm

mciSendStringW

netapi32

Netbios

vcruntime140

memcpy

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d117afd313fd8655bfea5a9872fd598

Headers

DLL Characteristics

File Characteristics

Imports

mfc140u

kernel32

user32

shlwapi

uxtheme

msvcp140

winmm

netapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

wtsapi32

Sections

.text Size: - Virtual size: 242KB

.rdata Size: - Virtual size: 42KB

.data Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 3.3MB

.vmp1 Size: 5.0MB - Virtual size: 5.0MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 242KB

.rdata
Size: - Virtual size: 42KB

.data
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 3.3MB

.vmp1
Size: 5.0MB - Virtual size: 5.0MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB