d6349c99132521c22cbdf0c70c92cc7ff6a701f22ce82d17116c6ae6956a1247 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6349c99132521c22cbdf0c70c92cc7ff6a701f22ce82d17116c6ae6956a1247
Size

6.8MB
MD5

6728e0aeca290c5a1bc4975b211bff08
SHA1

ca578df3d820fbc2d0f05bc6656ffdbf6bd05e1c
SHA256

d6349c99132521c22cbdf0c70c92cc7ff6a701f22ce82d17116c6ae6956a1247
SHA512

31f8dec50fa95fd07727ee05f21c84d5eb24680bc2fbd564d09d8c003f6d81dbe3643c73801d457b24259de3aa4e67467825d469c0e649b6ed414fe4c1892b21
SSDEEP

196608:149ifmqeJF3Uu+PG0nS8I6qIQkcAYAOf1RUw:149OChnAnS8K9Q

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6349c99132521c22cbdf0c70c92cc7ff6a701f22ce82d17116c6ae6956a1247

Files

d6349c99132521c22cbdf0c70c92cc7ff6a701f22ce82d17116c6ae6956a1247
.dll regsvr32 windows:5 windows x86

9e74e122ff6daeab4a92610375b6871d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames

wtsapi32

WTSSendMessageW

kernel32

VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: - Virtual size: 742KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.8MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ