8e49b3b6352b058137cb7fc162f5bb25f3a76c588806971fd2d8bb6a29e31681

Sharing

Copy URL

Twitter E-mail

General

Target

8e49b3b6352b058137cb7fc162f5bb25f3a76c588806971fd2d8bb6a29e31681
Size

9.0MB
MD5

eaf7451c0e5d7af86bf3fd2a7aac68f1
SHA1

5f11d6c129ca49195535241b3cf77fe14527b470
SHA256

8e49b3b6352b058137cb7fc162f5bb25f3a76c588806971fd2d8bb6a29e31681
SHA512

b7e33cd0559a7fd7836a902f7613f12a29b6a1dfb64dc5b4f45cce22b1ab9e6081c226fb28c847dad536e8e2b07a8f2f1853660772433e270351dad9a6c93388
SSDEEP

196608:JuonhbRpkQ3sFo5c4l3DALrilmeEmnCiGqTo4M0uLmFIjMFCztr3C:JxhsQkY783i4Hm3TNM1Lmajz9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e49b3b6352b058137cb7fc162f5bb25f3a76c588806971fd2d8bb6a29e31681

Files

8e49b3b6352b058137cb7fc162f5bb25f3a76c588806971fd2d8bb6a29e31681
.exe windows:5 windows x86

3a7831f8095306b1c5966d8a8a7202bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EmptyClipboard
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetTextExtentPoint32W

gdiplus

GdipSetStringFormatTrimming

kernel32

GetVersionExA
GetVersion
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CreateStreamOnHGlobal

shell32

DragFinish

imm32

ImmGetCompositionStringA

shlwapi

PathFileExistsA

winmm

timeBeginPeriod

advapi32

CreateServiceA

ws2_32

WSAStartup

version

VerQueryValueA

wininet

InternetGetConnectedState

winhttp

WinHttpReadData

oleaut32

SysFreeString

psapi

GetModuleFileNameExA

dbghelp

MakeSureDirectoryPathExists

comctl32

ImageList_GetIconSize

urlmon

URLDownloadToFileA

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 814KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3a7831f8095306b1c5966d8a8a7202bd

Headers

File Characteristics

Imports

user32

gdi32

gdiplus

kernel32

ole32

shell32

imm32

shlwapi

winmm

advapi32

ws2_32

version

wininet

winhttp

oleaut32

psapi

dbghelp

comctl32

urlmon

wtsapi32

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 814KB

.data Size: - Virtual size: 4.3MB

.vmp0 Size: - Virtual size: 4.1MB

.vmp1 Size: 8.9MB - Virtual size: 8.9MB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 814KB

.data
Size: - Virtual size: 4.3MB

.vmp0
Size: - Virtual size: 4.1MB

.vmp1
Size: 8.9MB - Virtual size: 8.9MB

.rsrc
Size: 12KB - Virtual size: 11KB