ea2acc62927f2dd1feec453e11edc443a0f4838f1dc5a4621358f93ce284fab4

Sharing

Copy URL Twitter E-mail

General

Target

ea2acc62927f2dd1feec453e11edc443a0f4838f1dc5a4621358f93ce284fab4
Size

8.4MB
MD5

64343cadc14ac8117059766893f71b16
SHA1

2e9665d01533d38ae5c59a1e39240a2b317a1038
SHA256

ea2acc62927f2dd1feec453e11edc443a0f4838f1dc5a4621358f93ce284fab4
SHA512

022b54f2f438d0fde534685fbc9e7c953c7c2a0d6f3249d208d28454d84b828815ee5c705dc339d189c774742892a114973794942b8d33b3e6ca641b2ac612c8
SSDEEP

196608:eK1+8BkK+DN7f13cypAiOqwbeyBzvehYeGCug9n7884jf:lHBk5z3X3OqwiCrehYeGkR4j

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea2acc62927f2dd1feec453e11edc443a0f4838f1dc5a4621358f93ce284fab4

Files

ea2acc62927f2dd1feec453e11edc443a0f4838f1dc5a4621358f93ce284fab4
.dll windows:6 windows x86

d1690e1f6e4a423aae7fb7a9f80bf92a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlInitUnicodeString

kernel32

GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetMenuDefaultItem
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

PtVisible

msimg32

TransparentBlt

winspool.drv

ClosePrinter

advapi32

RegEnumValueA

shell32

DragQueryFileA

shlwapi

PathStripToRootA

uxtheme

GetThemePartSize

ole32

CreateStreamOnHGlobal

oleaut32

SystemTimeToVariantTime

gdiplus

GdipFree

oleacc

AccessibleObjectFromWindow

imm32

ImmGetContext

winmm

PlaySoundA

wtsapi32

WTSSendMessageW

Exports

Exports

EntryPoint

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1690e1f6e4a423aae7fb7a9f80bf92a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 395KB

.data Size: - Virtual size: 39KB

.vmp0 Size: - Virtual size: 5.4MB

.vmp1 Size: 8.4MB - Virtual size: 8.4MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 395KB

.data
Size: - Virtual size: 39KB

.vmp0
Size: - Virtual size: 5.4MB

.vmp1
Size: 8.4MB - Virtual size: 8.4MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB