798987395d386ea9214c6a10aadf33cf6a2875ddba602f87b8aa3a3e7211aff0

Sharing

Copy URL Twitter E-mail

General

Target

798987395d386ea9214c6a10aadf33cf6a2875ddba602f87b8aa3a3e7211aff0
Size

775KB
MD5

43e2431d9f30dd1873e98ffa77646622
SHA1

63037e13bca8ef275b4ec121da56a01785c8b4ab
SHA256

798987395d386ea9214c6a10aadf33cf6a2875ddba602f87b8aa3a3e7211aff0
SHA512

27c523922ea04feb838f6c789ed50cf1e69104645a781bbe95fa6cdb07dad2f6f5b5d8a00e6962f888db7bb86f8c39e9375f0db7d6a192b1ada6f6f68b94243e
SSDEEP

24576:YweFQlanZxY5T64yYnlrMx8ELy/zLZw7pPQ9sYgrJ0G+A:Ywe05+4VlrMx8ELy/zLZw7pPQ9sYgrJX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
798987395d386ea9214c6a10aadf33cf6a2875ddba602f87b8aa3a3e7211aff0

Files

798987395d386ea9214c6a10aadf33cf6a2875ddba602f87b8aa3a3e7211aff0
.dll windows:6 windows x86

e3b13906851e101c1c8df04c7366d0b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ole32

CoUninitialize

oleaut32

VariantInit

ws2_32

closesocket

Exports

Exports

_XL_AddCrashProcess@12
_XL_AddRuntimeLogfile@4
_XL_EnableModuleLoadLog@4
_XL_EnableReportAutoRestartApp@8
_XL_EnableThreadLog@4
_XL_EnableXLDoctor@16
_XL_InitBugHandler@20
_XL_IsEnableModuleLoadLog@0
_XL_IsEnableThreadLog@0
_XL_RemoveCrashProcess@4
_XL_SetAlwaysSendReport@4
_XL_SetBugReportRootDir@4
_XL_SetBusinessName@4
_XL_SetContinueDefaultFilter@4
_XL_SetCustomInfo@4
_XL_SetPeerID@4
_XL_SetProcessWorkState@4
_XL_SetReportLanguageID@4
_XL_SetReportPath@4
_XL_SetReportShowMode@4
_XL_SetRuntimeInfo@8

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3b13906851e101c1c8df04c7366d0b7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 8KB

.vmp1 Size: 308KB - Virtual size: 307KB

.vmp0 Size: 4KB - Virtual size: 4KB

.vmp2 Size: 41KB - Virtual size: 41KB

.rsrc Size: 308KB - Virtual size: 307KB

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 8KB

.vmp1
Size: 308KB - Virtual size: 307KB

.vmp0
Size: 4KB - Virtual size: 4KB

.vmp2
Size: 41KB - Virtual size: 41KB

.rsrc
Size: 308KB - Virtual size: 307KB