334b0146f08f2f23c5da72d82e7705836cc504e86e79e66e4e4b423c91ad1efa

Sharing

Copy URL

Twitter E-mail

General

Target

334b0146f08f2f23c5da72d82e7705836cc504e86e79e66e4e4b423c91ad1efa
Size

10.3MB
MD5

8199091c471810e292ce733d456aec04
SHA1

539f6b6d7b818fb02d5613fefdba7dcc63d8d91d
SHA256

334b0146f08f2f23c5da72d82e7705836cc504e86e79e66e4e4b423c91ad1efa
SHA512

d1041b0d3322eda6ff27d07e3d72c91c36c4408bd10e13e7dcf8474cab9d66c70bd55c7cbfbebe43b9ce267d861060a2a45168dcda85af461e7a538869476f1c
SSDEEP

196608:E9TMF9bVn1q2R93lJwP+VeQSPdWHqNFnuv/6/1iPXFi0B9fbCbpp6ZwXW6:8I9bN1BR91Jq+oEE//CzClplv

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
334b0146f08f2f23c5da72d82e7705836cc504e86e79e66e4e4b423c91ad1efa

Files

334b0146f08f2f23c5da72d82e7705836cc504e86e79e66e4e4b423c91ad1efa
.exe windows:5 windows x86

1f0cb54216da05af2ca9c193791372ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultLCID
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

crypt32

CryptStringToBinaryA

user32

GetDlgItem

iphlpapi

GetAdaptersInfo

winmm

midiStreamStop

ws2_32

WSAStartup

version

VerQueryValueA

rasapi32

RasGetConnectStatusA

gdi32

CreateCompatibleDC

msimg32

GradientFill

winspool.drv

ClosePrinter

advapi32

RegCreateKeyExA

shell32

ShellExecuteA

ole32

OleInitialize

oleaut32

SafeArrayCreate

odbc32

ord4

comctl32

ImageList_Duplicate

wininet

InternetCloseHandle

comdlg32

GetOpenFileNameA

Sections

.text
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f0cb54216da05af2ca9c193791372ac

Headers

File Characteristics

Imports

kernel32

crypt32

user32

iphlpapi

winmm

ws2_32

version

rasapi32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

odbc32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 3.5MB

.rdata Size: - Virtual size: 10.0MB

.data Size: - Virtual size: 634KB

.vmp0 Size: - Virtual size: 1.9MB

.vmp1 Size: 10.3MB - Virtual size: 10.3MB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: - Virtual size: 3.5MB

.rdata
Size: - Virtual size: 10.0MB

.data
Size: - Virtual size: 634KB

.vmp0
Size: - Virtual size: 1.9MB

.vmp1
Size: 10.3MB - Virtual size: 10.3MB

.rsrc
Size: 8KB - Virtual size: 7KB