SecuriteInfo[.]com[.]Win32[.]Malware-gen[.]14949[.]11679

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.Malware-gen.14949.11679
Size

1.4MB
MD5

5c7ca30736b8b3c424539fdcc120a7ba
SHA1

7a48989f2923ae840dcdb8ed768778fddd715a64
SHA256

4c7c8dcffe9e014f4477e9c505f590f999003b1dbcca44e4c42e3b839b59b7bf
SHA512

7cf1a2a2a0d081cb9dea04015aee264bb7496512673951e84d39c24a64212c8e3f3a950d9448c2233b2aa9ae5b487227a789edbe5162e330d0f120b3f1620190
SSDEEP

12288:829+mYU5LA6MKKrgRcVpQzKS7qdsEmEMpYDgQ7/HLjLZ9:82s/6Mrr7VpQDcsEmEM4g+F9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win32.Malware-gen.14949.11679

Files

SecuriteInfo.com.Win32.Malware-gen.14949.11679
.dll regsvr32 windows:4 windows x86

04b179ce6454e56b55568e159482f052

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_ntoa

xlluaruntime

luaL_unref

kernel32

HeapDestroy
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetClassInfoExW
MessageBoxA

advapi32

RegDeleteKeyW

ole32

CoCreateInstance

oleaut32

SysStringByteLen

shlwapi

PathCombineW

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr71

strlen

atl71

ord30

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 532KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04b179ce6454e56b55568e159482f052

Headers

File Characteristics

Imports

ws2_32

xlluaruntime

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

atl71

Exports

Exports

Sections

.text Size: - Virtual size: 191KB

.rdata Size: - Virtual size: 42KB

.data Size: - Virtual size: 21KB

.rsrc Size: 16KB - Virtual size: 14KB

.vmp0 Size: - Virtual size: 21KB

.vmp1 Size: - Virtual size: 445KB

.vmp2 Size: 532KB - Virtual size: 529KB

.reloc Size: 4KB - Virtual size: 136B

.text
Size: - Virtual size: 191KB

.rdata
Size: - Virtual size: 42KB

.data
Size: - Virtual size: 21KB

.rsrc
Size: 16KB - Virtual size: 14KB

.vmp0
Size: - Virtual size: 21KB

.vmp1
Size: - Virtual size: 445KB

.vmp2
Size: 532KB - Virtual size: 529KB

.reloc
Size: 4KB - Virtual size: 136B