4e2000f80c7a37cb696bea5802575b8645e7c2a2d173b82bebc263f1d8278c88

Sharing

Copy URL Twitter E-mail

General

Target

4e2000f80c7a37cb696bea5802575b8645e7c2a2d173b82bebc263f1d8278c88
Size

3.6MB
MD5

a82fd524c869e31567480bbbbd0faa30
SHA1

cfb5dd60e560c4e5edbbe030859ccb6546e3aa85
SHA256

4e2000f80c7a37cb696bea5802575b8645e7c2a2d173b82bebc263f1d8278c88
SHA512

207e948a48582c1edb2c127e315f6cd733607aa8d8bc185a6de39cd2c86438d2494a65aa9a42551aa60ce5dbd8db541589dc4dd80e826d0c9a20d5cd7d95eeab
SSDEEP

98304:BA3s52RpdqOPDtJnyjvNuSXvV9RiuN7nerAKSAlF:WcqdqOZpcuCV9Rxj6B

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e2000f80c7a37cb696bea5802575b8645e7c2a2d173b82bebc263f1d8278c88

Files

4e2000f80c7a37cb696bea5802575b8645e7c2a2d173b82bebc263f1d8278c88
.exe windows:5 windows x86

d479f5b08ab4722c46a998d6b40c4f7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

GetVersion
GetVersionExA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsIconic

gdi32

BitBlt

advapi32

OpenSCManagerW

shell32

ShellExecuteW

ole32

CLSIDFromString

oleaut32

VariantClear

psapi

GetModuleFileNameExW

iphlpapi

IpRenewAddress

gdiplus

GdipGraphicsClear

wininet

HttpQueryInfoW

imm32

ImmGetContext

Sections

.text
Size: - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d479f5b08ab4722c46a998d6b40c4f7e

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

psapi

iphlpapi

gdiplus

wininet

imm32

Sections

.text Size: - Virtual size: 670KB

.rdata Size: - Virtual size: 96KB

.data Size: - Virtual size: 94KB

.vmp0 Size: - Virtual size: 2.0MB

.vmp1 Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 512B - Virtual size: 204B

.rsrc Size: 21KB - Virtual size: 1.1MB

.text
Size: - Virtual size: 670KB

.rdata
Size: - Virtual size: 96KB

.data
Size: - Virtual size: 94KB

.vmp0
Size: - Virtual size: 2.0MB

.vmp1
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 512B - Virtual size: 204B

.rsrc
Size: 21KB - Virtual size: 1.1MB