5604c6036a5c400ae7e3f458a3233f8133902d9a4599ae3f2fbb4e63783d0a19

Sharing

Copy URL

Twitter E-mail

General

Target

5604c6036a5c400ae7e3f458a3233f8133902d9a4599ae3f2fbb4e63783d0a19
Size

1.3MB
MD5

af8d299e18515eb1aaf6b0cc9b5865ca
SHA1

c229ad38bd5ad1afdd8c9a53608cc48d8046714b
SHA256

5604c6036a5c400ae7e3f458a3233f8133902d9a4599ae3f2fbb4e63783d0a19
SHA512

ee1b7775e7af3646bebaefd04be0cd2cfdde847d2547630e263268dc850a0a4379756eaf13b6e4e22305232dfbb00afe673e7bb06f8139b8ddc4d30af692c8ab
SSDEEP

24576:QBR91N4boQt5YtrYep6ukgogysqfNccA0aPQcjC:mtNbuwHkQ2Ncka7j

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5604c6036a5c400ae7e3f458a3233f8133902d9a4599ae3f2fbb4e63783d0a19

Files

5604c6036a5c400ae7e3f458a3233f8133902d9a4599ae3f2fbb4e63783d0a19
.dll windows:4 windows x86

ef88e2591a7762c464835eb3834dc3a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapValidate
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetWindowRgn
MessageBoxA

gdi32

CreateSolidBrush

comdlg32

GetSaveFileNameA

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

DragQueryFileA

comctl32

ImageList_SetOverlayImage

oledlg

ord3

ole32

OleDestroyMenuDescriptor

olepro32

ord253

oleaut32

VarDateFromStr

wsock32

connect

Exports

Exports

GetInstallDetailsPayload
SignalChromeElf
SignalInitializeCrashReporting
StartAntiLsp

Sections

.text
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 860KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef88e2591a7762c464835eb3834dc3a7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wsock32

Exports

Exports

Sections

.text Size: - Virtual size: 1.7MB

.rdata Size: - Virtual size: 130KB

.data Size: - Virtual size: 101KB

.idata Size: - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 12KB

.vmp0 Size: - Virtual size: 75KB

.vmp1 Size: - Virtual size: 860KB

.vmp2 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 232B

.text
Size: - Virtual size: 1.7MB

.rdata
Size: - Virtual size: 130KB

.data
Size: - Virtual size: 101KB

.idata
Size: - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 12KB

.vmp0
Size: - Virtual size: 75KB

.vmp1
Size: - Virtual size: 860KB

.vmp2
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 232B