e0c52c1460b53113d1afa029ef92faecc20340a91637c501364d49a95619deca

Sharing

Copy URL Twitter E-mail

General

Target

e0c52c1460b53113d1afa029ef92faecc20340a91637c501364d49a95619deca
Size

10.7MB
MD5

232f998a7caf8a139651863ec4246ba2
SHA1

a2ac1174d438f08359de9336b84d29a831557c28
SHA256

e0c52c1460b53113d1afa029ef92faecc20340a91637c501364d49a95619deca
SHA512

9206930189aacb2a82a93549b1ad7eb46fb0254b10cac04e9c668e7ebe09c4e254406f22009d6ba166d217cf0aea8f5d1330b30e6fff887652c8e1730ecf2958
SSDEEP

196608:JqkMYnWeP5YtNDmXi3wLNouXkfgllvpoXMADV1MHCPBSPGADDe:z/0urNkfylvpjMGEQPG+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0c52c1460b53113d1afa029ef92faecc20340a91637c501364d49a95619deca

Files

e0c52c1460b53113d1afa029ef92faecc20340a91637c501364d49a95619deca
.exe windows:5 windows x86

0895b701aaa07be5304d2462dbd4bce7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

qt5core

?qt_metacast@QParallelAnimationGroup@@UAEPAXPBD@Z

qt5gui

??0QColor@@QAE@W4GlobalColor@Qt@@@Z

qt5widgets

?metaObject@QFrame@@UBEPBUQMetaObject@@XZ

kernel32

GetTickCount
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumWindows
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

libeay32

ord492

hidapi

hid_init

msvcp120

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z

msvcr120

_fmode

ws2_32

connect

shell32

CommandLineToArgvW

wtsapi32

WTSSendMessageW

Exports

Exports

ى�:S�煐{�dP;�j�];T;��|a��݌u巤��[�GD͔��VKm��ñ,��(S_��]�>��MiC��%Nו��F�3iBvW�h��=��bI'�TC��pY�HID��Glt? ��Y��&hm_��c4��e�Rx�Z,�PK}ɝ��͞��=;8F��#c_O��G�D��r� �wH6��c� /�%�։��X��v�+3 Q�:�1��\]��$��(�|�� M��)��XV�t�_��)��⛆mI�Q^�,��F��*G�_�;��;�<lG:^B"PVoCI��W|>9�g�x0�e��B�E�{SU��i� �'��[�Hj4AتO#��Hm��,�uT|��fu(�r��d�J�K��/�q�q�Qm�+��ʷ�w�\֫JM��PM��:�KK>�2�}�ύ��A.m�5��ſӦ�o�*k��]�3�(Q��놱�u��VD�� y��&��j�=��t�B�l��*Bu|�� = �Kdg��pZ��]��[d��w(T��a��LH��=�$�/�K��Rn��;�C@S��c{)W鞓��"GR�M@�`ߺ�GM�Xt\��[��m.i˩ ��E辳�a)��^:{��z��u��{h6ʒ��^�ܢ%�I#hf=��+{�nTӿ��t'Y-i�U ��d9��*��w��T �b��I�=(iS��^�=O@�"bo��`��b>��9�$��%&��U��e<l䨰��W��w�QG ;��Ϊ�S�!�~(��n��O4��Ҫi�� C/v��P�qÞ� �LG��d��V�7퍑�j��]��B`�tSs�Ka#��b³tVp�}��MR\��9��^��"��GXd�2�pn��UP8b;�'nZW��6��բ0\�+�o"��K��Cv��=f[N�xYI�R��sQ�&��Q��I{]�5~V�h�8��X<��6��y�9��k�vz��;5��M;h��}��b��+\��/lk��%�~��l��>7~Z��\9��e[*�D~z-h��o�a��>!�m��(cM�.Sz�<�S�C̢G4�4$qx� ��-b7�%xai�*�C��G��@�� 0�j�.8b�"q�$��9�^h�ɾ��) +K{��8��t\<��NX�O@��Dʃ�5�wJ�彉�?:x�!�åז{Nm��S0d|9QE}��Qv/��IUk��븑�~�b��r؁(Z#˚Z��s��_0��~��$bV�1��N�%�X�Ɍ��$D�#�6I��n:��l_��{q�W�/Dʟq��L;��ha�;dEGX ��^�5��s��;n<ƀb��P�,��ׄ�?��l�^9��z�$��>E�< �1N�z��m��9��^>��e�8۝`��Q7�#�te��;| :��LP;�^/��^�XvM�H�EJ��r��<�l�� q�،�va8D�\�V�UZr3��'[�ƫ��pGb�5�s`��o�P�M��̗c�q��,�$�-46��R5Xe��*ܤ��*��8��>N��Ϡ&K(��dO��y�v��RIu��3xN��ȹbRm�� AM�o�]�ԓ��j��>�Ⅾx��^8��w��깱rk{�x��9�)ѡ�xU-C��Y��I=��qy�l��`��K|�޼� ��e+f< ��)A��c?�2#A��Ou��LZ��Z}��O�e!乗�s_�s��P6ad3�$i�I"��k��pا\�D#\�z��术߻?�&A��=�%��A�G|��Z�v?zH�Hz�]*H��q��稫�%?v�lGdHa�G��$=��W/�C�N�&F)W,��0��E�|�Ė�ŽnO��: /�PwS��9.M�s�(��]�*&�^3iIq�ر�'�1��6:��(k7B��ꨤ+ ��en�p̀2��t�Xn��=ĉ��_Z7Q��B�ڞ�=35K'\A��/��vIXޓ��?ݫ��բH��Y՟#�r^W/�R��5��Au?|P��-�I}�}n�[w��q�7�៺��讒��$i�҃��}��@<��%��(Gۖ��h�a޴�L��u�6�G)+�md� ��9�a��ce�7��+Е��R�^�$�t�a��y�fx�V��h�I��N��,�9�V�|LLp|�ӻ��#f��8͍��P��W�3h#BY�;��䰀p��ߒ��>h��Ŷ��2f��|�b��Hr�gʲ�s�e��c��1|�W��@�>2��F��6�[1魎7��?֎)-D��j��3�%]��y�(�S�{�Dt�қՙ�N�2��x��Q�Ie{ĥۻ?��F ��3�8U� F�!��ȷ@��M�7O��2��sI�6�Z��#�� <=�C)��;��5�;��hܟ��4f�q s�[��(��(h��2�V/�<>-��L��^<��a��B�6v�"=�96��&Պ�M��U��\��#��"n��}��y8#�u��V� �;�/=*Lp`?��}%�;}��z��z ��uB� 8Q�$Ԙ ��b��+1�5 YY9��W�4>�Ґ�in��(g��࿒�<�d"�?]N��t~��Q�'n��h��6��^��qn��I+aR�Y�bu��,��~o{��˾[�;�;ה=�< ��ؔCb3�02��s9J�'){i��,�!�I��ob=/'�U��s�3�M��S� ��S%��Ө��J� ��rT��`(��ld ¶yc��6� ��B� %��L�՞IzǑ��&Ɋ]C��x

Sections

.text
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0895b701aaa07be5304d2462dbd4bce7

Headers

DLL Characteristics

File Characteristics

Imports

qt5core

qt5gui

qt5widgets

kernel32

user32

libeay32

hidapi

msvcp120

msvcr120

ws2_32

shell32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 154KB

.rdata Size: - Virtual size: 3.1MB

.data Size: - Virtual size: 431KB

.vmp0 Size: - Virtual size: 5.2MB

.vmp1 Size: 10.6MB - Virtual size: 10.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 93KB - Virtual size: 92KB

.text
Size: - Virtual size: 154KB

.rdata
Size: - Virtual size: 3.1MB

.data
Size: - Virtual size: 431KB

.vmp0
Size: - Virtual size: 5.2MB

.vmp1
Size: 10.6MB - Virtual size: 10.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 93KB - Virtual size: 92KB