574472d14e8f4b1b1fd82e9abd0647c23e61b3f007f93eeb4d26d59eddff45f0

Sharing

Copy URL Twitter E-mail

General

Target

574472d14e8f4b1b1fd82e9abd0647c23e61b3f007f93eeb4d26d59eddff45f0
Size

2.9MB
MD5

d5cac917aa7d7f334e8c5979320ca561
SHA1

5554fc07ec95f34e039379882bca07d5331990ef
SHA256

574472d14e8f4b1b1fd82e9abd0647c23e61b3f007f93eeb4d26d59eddff45f0
SHA512

d13aaf1264b17b51679763f1c6422455faa3fa8e7db0634a61d5406dd9d63e64e0de71d026940f70429abac1d022a840ec47634e8760f1f9b841847db8b23de4
SSDEEP

49152:5Qsv/PmXgG1lCVW+xy+Gk9wN/GJal2mGzlHj+jhTF3C5ObWUpalVp5NZU:56gklCVny+N+pGgl6lMTF3C5RHp5NS

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
574472d14e8f4b1b1fd82e9abd0647c23e61b3f007f93eeb4d26d59eddff45f0

Files

574472d14e8f4b1b1fd82e9abd0647c23e61b3f007f93eeb4d26d59eddff45f0
.exe windows:5 windows x86

44179b2dfd55eb6154e2a75bfc8d5c57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

winmm

midiStreamRestart

ws2_32

WSACleanup

rasapi32

RasHangUpA

kernel32

GetVersionExA
GetVersion
LeaveCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostQuitMessage

gdi32

GetStockObject

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

LoadTypeLi

comctl32

ord17

wsock32

getservbyname

wininet

InternetReadFile

comdlg32

GetOpenFileNameA

Sections

.data
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44179b2dfd55eb6154e2a75bfc8d5c57

Headers

File Characteristics

Imports

iphlpapi

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wsock32

wininet

comdlg32

Sections

.data Size: - Virtual size: 1.2MB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 1.2MB

.vmp0 Size: - Virtual size: 610KB

.vmp1 Size: 2.9MB - Virtual size: 2.9MB

.rsrc Size: 24KB - Virtual size: 21KB

.data
Size: - Virtual size: 1.2MB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 1.2MB

.vmp0
Size: - Virtual size: 610KB

.vmp1
Size: 2.9MB - Virtual size: 2.9MB

.rsrc
Size: 24KB - Virtual size: 21KB