aae7f3632a83cb5806fe1045dc93176dd9b79004dacbebf2f8b4be88ea4b3dcb

Sharing

Copy URL Twitter E-mail

General

Target

aae7f3632a83cb5806fe1045dc93176dd9b79004dacbebf2f8b4be88ea4b3dcb
Size

2.6MB
MD5

a8780af6177821eded1b4ede183e1fc7
SHA1

a3087d12c519b57b587136fbdf75833a30a7b5b0
SHA256

aae7f3632a83cb5806fe1045dc93176dd9b79004dacbebf2f8b4be88ea4b3dcb
SHA512

1e04c6e354c3fa66888e74a6115f9af7f6c497beee08d850223d797aa618b6bbf677c8dddafe591f0ef1a191fed5676e9b504cf7e1b26d4847944f262ade1c16
SSDEEP

49152:cWmTqeC+dMKLwQxfLXWunRPKJnf2eXUPkHeasrl3G8LEVQYRA:ETqfAvwRuRPKgeEP353L/

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aae7f3632a83cb5806fe1045dc93176dd9b79004dacbebf2f8b4be88ea4b3dcb

Files

aae7f3632a83cb5806fe1045dc93176dd9b79004dacbebf2f8b4be88ea4b3dcb
.exe windows:5 windows x86

ffae2e0c153fdad20cee0415a3397dc3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PeekMessageA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegDeleteKeyA

wininet

HttpOpenRequestA

ws2_32

inet_ntoa

psapi

GetMappedFileNameA

msvcrt

strncmp

shlwapi

PathFileExistsA

ole32

CoUninitialize

oleaut32

LoadTypeLi

Sections

.text
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 455B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ffae2e0c153fdad20cee0415a3397dc3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

ws2_32

psapi

msvcrt

shlwapi

ole32

oleaut32

Sections

.text Size: - Virtual size: 176KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 1.1MB

.vmp0 Size: - Virtual size: 1.1MB

.vmp1 Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 455B

.text
Size: - Virtual size: 176KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 1.1MB

.vmp0
Size: - Virtual size: 1.1MB

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 455B