9a53828f24877ddc94536fcc2744d2c496e15060b584566fc632e8bf6609412b

Sharing

Copy URL Twitter E-mail

General

Target

9a53828f24877ddc94536fcc2744d2c496e15060b584566fc632e8bf6609412b
Size

11.0MB
MD5

3b854fa66e885d55d42ccba6a2004f71
SHA1

83ecb93ca71c0c90a488b08c8afcb2dc096a82ff
SHA256

9a53828f24877ddc94536fcc2744d2c496e15060b584566fc632e8bf6609412b
SHA512

630e53fcb41d94c0f916a523f0d73515efc18a0631cc1a4ebc7404fde5b2857614e8983c3ef48e8cdff85dc486bf01947c8b1955cbddcc522b90040096614ef0
SSDEEP

196608:N+lnsN/DhEXIvbaMOK8+a2c2ma4tS/+u1hncIhmc50KovbrF:MlsN/NbaHK8+rcLa4kGu1hlJovXF

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a53828f24877ddc94536fcc2744d2c496e15060b584566fc632e8bf6609412b

Files

9a53828f24877ddc94536fcc2744d2c496e15060b584566fc632e8bf6609412b
.exe windows:5 windows x86

c11c17af6900770f497d8afcf036324b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

crypt32

CryptBinaryToStringA

user32

SetPropA

iphlpapi

GetAdaptersInfo

winmm

midiOutPrepareHeader

ws2_32

connect

rpcrt4

RpcStringFreeA

rasapi32

RasGetEntryDialParamsA

gdi32

SetViewportOrgEx

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

ole32

CoFreeUnusedLibraries

oleaut32

OleCreateFontIndirect

odbc32

ord48

comctl32

ImageList_GetImageCount

oledlg

ord8

wldap32

ord29

wininet

InternetCloseHandle

comdlg32

GetOpenFileNameA

Sections

.text
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 9.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 638KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 10.7MB - Virtual size: 10.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c11c17af6900770f497d8afcf036324b

Headers

File Characteristics

Imports

kernel32

crypt32

user32

iphlpapi

winmm

ws2_32

rpcrt4

rasapi32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

odbc32

comctl32

oledlg

wldap32

wininet

comdlg32

Sections

.text Size: - Virtual size: 2.9MB

.rdata Size: - Virtual size: 9.3MB

.data Size: - Virtual size: 638KB

.vmp0 Size: - Virtual size: 2.1MB

.vmp1 Size: 10.7MB - Virtual size: 10.7MB

.rsrc Size: 268KB - Virtual size: 266KB

.text
Size: - Virtual size: 2.9MB

.rdata
Size: - Virtual size: 9.3MB

.data
Size: - Virtual size: 638KB

.vmp0
Size: - Virtual size: 2.1MB

.vmp1
Size: 10.7MB - Virtual size: 10.7MB

.rsrc
Size: 268KB - Virtual size: 266KB