e4ca64a009cc2313a17c79dd8e6e792c1015d8af2c43129c27db853be2cd3237

Sharing

Copy URL Twitter E-mail

General

Target

e4ca64a009cc2313a17c79dd8e6e792c1015d8af2c43129c27db853be2cd3237
Size

775KB
MD5

ea2021ec9f26b914657b58ec57549473
SHA1

610cabc54472645341d26dcc239bd0ce87d92e58
SHA256

e4ca64a009cc2313a17c79dd8e6e792c1015d8af2c43129c27db853be2cd3237
SHA512

d35517629083b9e703c0b4038c17cb6b4aa5be80c460bfbc0970bf433ab755a485dfe10d4ff0292570672f543b62dae2f22903172d6243bf07a6ed9780d86154
SSDEEP

24576:BweFQlanZxY5T64yYnlrMx8ELy/zLZw7pPQ9sYgrJ0G+A:Bwe05+4VlrMx8ELy/zLZw7pPQ9sYgrJX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e4ca64a009cc2313a17c79dd8e6e792c1015d8af2c43129c27db853be2cd3237

Files

e4ca64a009cc2313a17c79dd8e6e792c1015d8af2c43129c27db853be2cd3237
.dll windows:6 windows x86

e3b13906851e101c1c8df04c7366d0b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ole32

CoUninitialize

oleaut32

VariantInit

ws2_32

closesocket

Exports

Exports

_XL_AddCrashProcess@12
_XL_AddRuntimeLogfile@4
_XL_EnableModuleLoadLog@4
_XL_EnableReportAutoRestartApp@8
_XL_EnableThreadLog@4
_XL_EnableXLDoctor@16
_XL_InitBugHandler@20
_XL_IsEnableModuleLoadLog@0
_XL_IsEnableThreadLog@0
_XL_RemoveCrashProcess@4
_XL_SetAlwaysSendReport@4
_XL_SetBugReportRootDir@4
_XL_SetBusinessName@4
_XL_SetContinueDefaultFilter@4
_XL_SetCustomInfo@4
_XL_SetPeerID@4
_XL_SetProcessWorkState@4
_XL_SetReportLanguageID@4
_XL_SetReportPath@4
_XL_SetReportShowMode@4
_XL_SetRuntimeInfo@8

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3b13906851e101c1c8df04c7366d0b7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 8KB

.vmp1 Size: 308KB - Virtual size: 307KB

.vmp0 Size: 4KB - Virtual size: 4KB

.vmp2 Size: 41KB - Virtual size: 41KB

.rsrc Size: 308KB - Virtual size: 307KB

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 8KB

.vmp1
Size: 308KB - Virtual size: 307KB

.vmp0
Size: 4KB - Virtual size: 4KB

.vmp2
Size: 41KB - Virtual size: 41KB

.rsrc
Size: 308KB - Virtual size: 307KB