bc2d1dfe530ba768a713e578892577e8dd8af8853c46662650231dd8acae080b[.]exe[.]zip

General

Target

bc2d1dfe530ba768a713e578892577e8dd8af8853c46662650231dd8acae080b.exe.zip
Size

5.3MB
MD5

2dc2379b41e074f73f6f771de6f1edcb
SHA1

59c0002bb3549059cd0ec5e1d81920e129325655
SHA256

a219a91f87e6b075973c56707504c46fb1fd7cd17a743c49f095eb550d3c3a2d
SHA512

e515d656d35b167de36793751aeb946494eb4073a4104e3bf61b0e3a0f3b258ce15ad5df1c5ddd3c847faf12e3023c05e1c5b49ade9210cefdc5802d4d710727
SSDEEP

98304:UM+yYAAq3rBaYFjyCEYr2SqV31ChD78JDEcJhOIZJMci756bnQkEhBatJJ+TAaWn:U9yfAqbBa1Lxkv8JgcOci7YzQkmC00Z9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/bc2d1dfe530ba768a713e578892577e8dd8af8853c46662650231dd8acae080b.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bc2d1dfe530ba768a713e578892577e8dd8af8853c46662650231dd8acae080b.exe

Files

bc2d1dfe530ba768a713e578892577e8dd8af8853c46662650231dd8acae080b.exe.zip
.zip

Password: infected
bc2d1dfe530ba768a713e578892577e8dd8af8853c46662650231dd8acae080b.exe
.exe windows:6 windows x86

5c65159f765791a3ae73895b771c241d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError

kernel32

GetCurrentProcessId
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

TranslateMessage
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

5c65159f765791a3ae73895b771c241d

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

wtsapi32

Sections

.text Size: - Virtual size: 233KB

.rdata Size: - Virtual size: 28KB

.data Size: - Virtual size: 53KB

.vmp0 Size: - Virtual size: 3.1MB

.vmp1 Size: 5.4MB - Virtual size: 5.4MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 233KB

.rdata
Size: - Virtual size: 28KB

.data
Size: - Virtual size: 53KB

.vmp0
Size: - Virtual size: 3.1MB

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B