4b4605d79078e89ca9f50083aa686c869c4b700a8847dde8695b8096281cab11

Sharing

Copy URL Twitter E-mail

General

Target

4b4605d79078e89ca9f50083aa686c869c4b700a8847dde8695b8096281cab11
Size

2.9MB
MD5

2b83a259460fb79d66ae023bcfc02400
SHA1

7b7214cf0f651454d822156ad1396e3d7afae995
SHA256

4b4605d79078e89ca9f50083aa686c869c4b700a8847dde8695b8096281cab11
SHA512

12ff767e51b100fd95925f7f0bc9c1e1e9b361f3fd35e52b50b54b0b72de8aac67f946502ea951193b7226e3b149dc25bd67907bbc3fb50d0e375a30ce8ebc77
SSDEEP

49152:0JyuY5Ca3chopO9IJrYXzUyop57+BejyUJomoFRUGuhkVw/XkgKj4IVNsxHhEd3Q:ndCSw+6sp576ejyU7o4hRYVmxHhGAqD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b4605d79078e89ca9f50083aa686c869c4b700a8847dde8695b8096281cab11

Files

4b4605d79078e89ca9f50083aa686c869c4b700a8847dde8695b8096281cab11
.exe windows:6 windows x86

e147c08fb273c60ffc95395d0be83be7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

RegisterClipboardFormatA
CharUpperBuffW

gdi32

GetStockObject

winspool.drv

DocumentPropertiesA

advapi32

CryptHashData
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

SHGetPathFromIDListA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA

ole32

CoCreateInstance

oleaut32

SysFreeString

oledlg

ord8

urlmon

URLDownloadToFileA

wininet

InternetReadFile

dbghelp

MakeSureDirectoryPathExists

version

VerQueryValueA

ws2_32

gethostname

oleacc

CreateStdAccessibleObject

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e147c08fb273c60ffc95395d0be83be7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

wininet

dbghelp

version

ws2_32

oleacc

wtsapi32

Sections

.text Size: - Virtual size: 390KB

.rdata Size: - Virtual size: 109KB

.data Size: - Virtual size: 32KB

.vmp0 Size: - Virtual size: 2.6MB

.vmp1 Size: 2.8MB - Virtual size: 2.8MB

.rsrc Size: 68KB - Virtual size: 67KB

.text
Size: - Virtual size: 390KB

.rdata
Size: - Virtual size: 109KB

.data
Size: - Virtual size: 32KB

.vmp0
Size: - Virtual size: 2.6MB

.vmp1
Size: 2.8MB - Virtual size: 2.8MB

.rsrc
Size: 68KB - Virtual size: 67KB