69918aa06d93d107fa1fb84bd76bee03ce4704e6f5ca23baf56df41c1dd11a37

Sharing

Copy URL Twitter E-mail

General

Target

69918aa06d93d107fa1fb84bd76bee03ce4704e6f5ca23baf56df41c1dd11a37
Size

1.2MB
MD5

4daaaae79d557cb136032d0653b1daac
SHA1

7595f1888576b917036075e9632a6acfdb5080a9
SHA256

69918aa06d93d107fa1fb84bd76bee03ce4704e6f5ca23baf56df41c1dd11a37
SHA512

dddbcaacc21bd442f5ab64dedae87237dc1173929fba820b0ccd363d0f84a2511fe5b9489603d73a5d313af2bbfcbdac4c679fcc0e435bf92090708ac83cdd70
SSDEEP

24576:s4lehsXSy/pMlWvbMK1ixnKGKhMuPtoarOEyMm5ghmqYUQP:rcETRMluMMiJKGKeuPjOEyMmGXxQP

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69918aa06d93d107fa1fb84bd76bee03ce4704e6f5ca23baf56df41c1dd11a37

Files

69918aa06d93d107fa1fb84bd76bee03ce4704e6f5ca23baf56df41c1dd11a37
.dll windows:4 windows x86

04a12aab28b24d7cfbfa534168821593

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetVersion
IsProcessorFeaturePresent
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegOpenKeyA

user32

IsWindowEnabled

gdi32

CreateBitmap

shell32

SHGetSpecialFolderPathA

shlwapi

PathFileExistsA

ws2_32

gethostbyname

rasapi32

RasHangUpA

winspool.drv

DocumentPropertiesA

comctl32

ord17

wininet

InternetOpenA

Exports

Exports

??��?IP
_???��3��D��

Sections

.text
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04a12aab28b24d7cfbfa534168821593

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

shlwapi

ws2_32

rasapi32

winspool.drv

comctl32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 572KB

.rdata Size: - Virtual size: 74KB

.data Size: - Virtual size: 1.2MB

.vmp0 Size: - Virtual size: 349KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 256B

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: - Virtual size: 572KB

.rdata
Size: - Virtual size: 74KB

.data
Size: - Virtual size: 1.2MB

.vmp0
Size: - Virtual size: 349KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 256B

.rsrc
Size: 4KB - Virtual size: 664B