70bf10239a35bc22cb119cc7dda198a1cd23a75d069f6d2afc0d7ffd1ba09dca

Sharing

Copy URL Twitter E-mail

General

Target

70bf10239a35bc22cb119cc7dda198a1cd23a75d069f6d2afc0d7ffd1ba09dca
Size

636KB
MD5

4eb5f90af4f865015b422c2b0343aa24
SHA1

724315b472a60fc37c51d63816648b7a06f86028
SHA256

70bf10239a35bc22cb119cc7dda198a1cd23a75d069f6d2afc0d7ffd1ba09dca
SHA512

6ea7651e7813f76dfc528664fa16b8f9620dfaefedbf9fccc538b432b6c905720644a182bd1c15bcb136af859cdc8927da03cc4b733e40ebeed7ef107366c624
SSDEEP

12288:EzPCiF4aAC6P/4VwDUMn4zEfd5kQY+9KFJtFg2i/i7n7cTRHyDq:EzPCOe1N4MY+9KFJvgen7ctHyDq

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70bf10239a35bc22cb119cc7dda198a1cd23a75d069f6d2afc0d7ffd1ba09dca

Files

70bf10239a35bc22cb119cc7dda198a1cd23a75d069f6d2afc0d7ffd1ba09dca
.exe windows:4 windows x86

94f1418317151ee3a16ca39afcd3a16b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReadFile
lstrcpyA
GetLocalTime
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
LoadLibraryExA
OpenProcess
GetCurrentDirectoryA
GetModuleHandleA
Sleep
GetProcAddress
CreateFileA
DeviceIoControl
SetEvent
GetCurrentThreadId
ExitThread
FlushFileBuffers
SetStdHandle
GetStringTypeW
VirtualProtect
WriteProcessMemory
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsBadCodePtr
SetUnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
LoadLibraryA
IsBadReadPtr
HeapFree
HeapAlloc
GetProcessHeap
CreateProcessA
DeleteFileA
GetFileSize
WriteFile
SetFilePointer
WideCharToMultiByte
WaitForSingleObject
FreeLibrary
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
SetLastError
ReleaseMutex
GetExitCodeProcess
TerminateProcess
GetModuleFileNameA
CreateEventA
CreateMutexA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
InterlockedExchange
lstrlenA
lstrcpynA
LocalFree
FormatMessageA
lstrcmpiA
ExitProcess
GetCurrentProcess
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
lstrcmpA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

TranslateMessage
GetMessageA
PostQuitMessage
FindWindowA
wsprintfA
DestroyWindow
DefWindowProcA
LoadStringA
CharUpperBuffA
PeekMessageA
CreateWindowExA
RegisterClassA
LoadIconA
DispatchMessageA

advapi32

RegEnumValueA
LookupAccountSidA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA

shell32

Shell_NotifyIconA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

timeGetTime

wininet

InternetSetStatusCallback
InternetConnectA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA

Sections

.text
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 576KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94f1418317151ee3a16ca39afcd3a16b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

version

winmm

wininet

Sections

.text Size: - Virtual size: 97KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 24KB

.vmp0 Size: - Virtual size: 500KB

.vmp1 Size: 576KB - Virtual size: 576KB

.rsrc Size: 56KB - Virtual size: 56KB

.text
Size: - Virtual size: 97KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 24KB

.vmp0
Size: - Virtual size: 500KB

.vmp1
Size: 576KB - Virtual size: 576KB

.rsrc
Size: 56KB - Virtual size: 56KB