b69f74bbc6050673a48cef7c76fcae3f304b5507397a7a65aac95bf6c8d9991c

Sharing

Copy URL Twitter E-mail

General

Target

b69f74bbc6050673a48cef7c76fcae3f304b5507397a7a65aac95bf6c8d9991c
Size

9.5MB
MD5

e412584bcdd76aec21c407022213ecb3
SHA1

5cbda00bacb664b477b51aade76103443b4e5cea
SHA256

b69f74bbc6050673a48cef7c76fcae3f304b5507397a7a65aac95bf6c8d9991c
SHA512

9f4c8943405ce1563df0fdbf0fbb8ee06faba6c025e6ccdda6b1312b1758a7b30b68cea12d2d1df52acb10ac4399aae2d8bb71ebb8c66581a33dd65098e1d7c7
SSDEEP

196608:g2ZIy4CU95V3nk++doNsT70/J2r4/qt63bpa9M8WRcWV/sc1HIWzmTengw/:/N4RNnkBmN/Ut+a9M8W3Uc1HIVinX/

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b69f74bbc6050673a48cef7c76fcae3f304b5507397a7a65aac95bf6c8d9991c

Files

b69f74bbc6050673a48cef7c76fcae3f304b5507397a7a65aac95bf6c8d9991c
.exe windows:6 windows x64

9c80ded9475a1760bf49dba6eb9b583d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

opencv_world440

?bitwise_and@cv@@YAXAEBV_InputArray@1@0AEBV_OutputArray@1@0@Z

gdiplus

GdipDeleteFont

libcrypto-1_1-x64

BIO_new_mem_buf

libssl-1_1-x64

OPENSSL_init_ssl

mfc140u

ord12606

kernel32

GetLastError
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

IsWindow
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateCompatibleDC

advapi32

AdjustTokenPrivileges

shell32

ShellExecuteW

comctl32

ImageList_ReplaceIcon

shlwapi

PathFileExistsW

ole32

CreateStreamOnHGlobal

oleaut32

SysFreeString

msvcp140

?_Xbad_alloc@std@@YAXXZ

ws2_32

WSAStartup

crypt32

CertOpenSystemStoreW

winmm

mciSendCommandW

vcruntime140

__RTDynamicCast

api-ms-win-crt-heap-l1-1-0

realloc

api-ms-win-crt-convert-l1-1-0

_strtoui64

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_mkdir

api-ms-win-crt-string-l1-1-0

isupper

api-ms-win-crt-runtime-l1-1-0

_configure_wide_argv

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

sin

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 9.3MB - Virtual size: 9.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c80ded9475a1760bf49dba6eb9b583d

Headers

DLL Characteristics

File Characteristics

Imports

opencv_world440

gdiplus

libcrypto-1_1-x64

libssl-1_1-x64

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp140

ws2_32

crypt32

winmm

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

wtsapi32

Sections

.text Size: - Virtual size: 1.3MB

.rdata Size: - Virtual size: 492KB

.data Size: - Virtual size: 45KB

.pdata Size: - Virtual size: 72KB

.tls Size: - Virtual size: 33B

.vmp0 Size: - Virtual size: 11.5MB

.vmp1 Size: 9.3MB - Virtual size: 9.3MB

.reloc Size: 512B - Virtual size: 200B

.rsrc Size: 248KB - Virtual size: 248KB

.text
Size: - Virtual size: 1.3MB

.rdata
Size: - Virtual size: 492KB

.data
Size: - Virtual size: 45KB

.pdata
Size: - Virtual size: 72KB

.tls
Size: - Virtual size: 33B

.vmp0
Size: - Virtual size: 11.5MB

.vmp1
Size: 9.3MB - Virtual size: 9.3MB

.reloc
Size: 512B - Virtual size: 200B

.rsrc
Size: 248KB - Virtual size: 248KB