6a41e6d4fd52047d196a7280189dbedc585461873a1239ed93507c1392bccd88

Sharing

Copy URL Twitter E-mail

General

Target

6a41e6d4fd52047d196a7280189dbedc585461873a1239ed93507c1392bccd88
Size

12.8MB
MD5

cf9a2b476e60aec90a8aa925f898ee44
SHA1

b61edcaedcedf6bb4186d2119d2de7efa2a44f73
SHA256

6a41e6d4fd52047d196a7280189dbedc585461873a1239ed93507c1392bccd88
SHA512

1b53becc370064dc04b2152346a65f77799e647e75f7219c1a79436e324933f8ace3a7ca8d6f1697ea728e26a6203fe58b8b4b15c8062a9866e119095c513b7d
SSDEEP

393216:9uzp0ICBxmK7DFyuPnqb6LtfJUxaoXklZ:Yp5ixhXPnqGZa4Z

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a41e6d4fd52047d196a7280189dbedc585461873a1239ed93507c1392bccd88

Files

6a41e6d4fd52047d196a7280189dbedc585461873a1239ed93507c1392bccd88
.exe windows:5 windows x86

2ba8cd4229a14ef72db2414829cb9c6e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

crypt32

CryptBinaryToStringA

user32

wsprintfW

rasapi32

RasDialA

iphlpapi

GetAdaptersInfo

winmm

midiStreamProperty

ws2_32

WSAStartup

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

rpcrt4

UuidToStringA

gdi32

OffsetViewportOrgEx

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

comdlg32

GetFileTitleA

advapi32

RegSetValueExA

shell32

ShellExecuteA

ole32

OleIsCurrentClipboard

oleaut32

SysAllocStringLen

odbc32

ord61

comctl32

ImageList_SetBkColor

oledlg

ord8

wininet

InternetCloseHandle

wldap32

ord29

Sections

.text
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 12.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 749KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 12.7MB - Virtual size: 12.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

m��=�u�
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2ba8cd4229a14ef72db2414829cb9c6e

Headers

File Characteristics

Imports

kernel32

crypt32

user32

rasapi32

iphlpapi

winmm

ws2_32

msvfw32

avifil32

rpcrt4

gdi32

msimg32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

comctl32

oledlg

wininet

wldap32

Sections

.text Size: - Virtual size: 4.4MB

.rdata Size: - Virtual size: 12.6MB

.data Size: - Virtual size: 749KB

.vmp0 Size: - Virtual size: 1.9MB

.vmp1 Size: 12.7MB - Virtual size: 12.7MB

.rsrc Size: 72KB - Virtual size: 68KB

m��=�u� Size: 20KB - Virtual size: 20KB

.text
Size: - Virtual size: 4.4MB

.rdata
Size: - Virtual size: 12.6MB

.data
Size: - Virtual size: 749KB

.vmp0
Size: - Virtual size: 1.9MB

.vmp1
Size: 12.7MB - Virtual size: 12.7MB

.rsrc
Size: 72KB - Virtual size: 68KB

m��=�u�
Size: 20KB - Virtual size: 20KB