bc2d1dfe530ba768a713e578892577e8dd8af8853c46662650231dd8acae080b[.]exe[.]zip

General

Target

bc2d1dfe530ba768a713e578892577e8dd8af8853c46662650231dd8acae080b.exe.zip
Size

5.3MB
MD5

c83c4bc0ddd238e7671c208ded37a8de
SHA1

729f9fc45bff218c5408718838dfa868362ee735
SHA256

3f5565810804e80344f5f81ef3801f0c8c84fe5164bb6d025ce27acfe064c400
SHA512

7ce300b99b4e6009001af73fdaf99ac8bb5d75228a81e53c605192a52a2887955c350d7e26ad49588c49c78a241bd2abfa072efbaf2f909cc2b3ffeda298533d
SSDEEP

98304:YFAQgKNRW20wN4lZ3MSge06gf80TlISrFt/ijFmmj6O+Etfn9I+rqy/bjYafs3Mx:YGQgERWPjV5Ol7ynxjqE5u+rNH303M97

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/bc2d1dfe530ba768a713e578892577e8dd8af8853c46662650231dd8acae080b.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bc2d1dfe530ba768a713e578892577e8dd8af8853c46662650231dd8acae080b.exe

Files

bc2d1dfe530ba768a713e578892577e8dd8af8853c46662650231dd8acae080b.exe.zip
.zip

Password: infected
bc2d1dfe530ba768a713e578892577e8dd8af8853c46662650231dd8acae080b.exe
.exe windows:6 windows x86

5c65159f765791a3ae73895b771c241d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError

kernel32

GetCurrentProcessId
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

TranslateMessage
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

5c65159f765791a3ae73895b771c241d

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

wtsapi32

Sections

.text Size: - Virtual size: 233KB

.rdata Size: - Virtual size: 28KB

.data Size: - Virtual size: 53KB

.vmp0 Size: - Virtual size: 3.1MB

.vmp1 Size: 5.4MB - Virtual size: 5.4MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 233KB

.rdata
Size: - Virtual size: 28KB

.data
Size: - Virtual size: 53KB

.vmp0
Size: - Virtual size: 3.1MB

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B