e8df40c18defbc5338288cb878ad28cedf593b928eb4177b51b6fa948afd6865[.]exe[.]zip

General

Target

e8df40c18defbc5338288cb878ad28cedf593b928eb4177b51b6fa948afd6865.exe.zip
Size

2.6MB
MD5

b22bf362bdd47eb6e304001da44643ee
SHA1

6459ff024a0b1b72e6648fb0a429d90993e057e1
SHA256

cca0f945f9e7401479a2129779e52c366418894a04000238f71c4d8bc080da22
SHA512

c80de17a07b51f9dc8377175c99ae297f198414ed10e700b8a3f3a715fc475481ecfeb80bb1b96f63829cd8b58e350e76212adc87c6555555c83c0db1a70599e
SSDEEP

49152:DFC+bwWwP35UK6HM1cJDlXLyrVu56CFocWki9ODGC8vo5Itm3nWMNmMks9v5MT+o:DM+bwfEHMgByc56CdDaoAZM0MkYv5MTX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/e8df40c18defbc5338288cb878ad28cedf593b928eb4177b51b6fa948afd6865.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e8df40c18defbc5338288cb878ad28cedf593b928eb4177b51b6fa948afd6865.exe

Files

e8df40c18defbc5338288cb878ad28cedf593b928eb4177b51b6fa948afd6865.exe.zip
.zip

Password: infected
e8df40c18defbc5338288cb878ad28cedf593b928eb4177b51b6fa948afd6865.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 744KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.newimp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma1
Size: 268KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 744KB - Virtual size: 744KB

.rdata Size: 440KB - Virtual size: 440KB

.data Size: 48KB - Virtual size: 324KB

.vmp0 Size: 1.4MB - Virtual size: 1.4MB

.vmp1 Size: 148KB - Virtual size: 148KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.newimp Size: 4KB - Virtual size: 4KB

.enigma1 Size: 268KB - Virtual size: 4KB

.enigma2 Size: 244KB - Virtual size: 244KB

.text
Size: 744KB - Virtual size: 744KB

.rdata
Size: 440KB - Virtual size: 440KB

.data
Size: 48KB - Virtual size: 324KB

.vmp0
Size: 1.4MB - Virtual size: 1.4MB

.vmp1
Size: 148KB - Virtual size: 148KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.newimp
Size: 4KB - Virtual size: 4KB

.enigma1
Size: 268KB - Virtual size: 4KB

.enigma2
Size: 244KB - Virtual size: 244KB