254d0e18cb301fd12f0ad661938bd1bf2547b41e698729bbb59ebb4d19b9bfeb

Sharing

Copy URL

Twitter E-mail

General

Target

254d0e18cb301fd12f0ad661938bd1bf2547b41e698729bbb59ebb4d19b9bfeb
Size

117KB
MD5

17591ba33877f44b17dc77d0386fb15a
SHA1

f546b84c1bf9903876b16b150c12b827c2320dc2
SHA256

254d0e18cb301fd12f0ad661938bd1bf2547b41e698729bbb59ebb4d19b9bfeb
SHA512

17c27d4ff0fd432e0211aa7a55ed004a3e49e2f63335948aff49b4d728615187a513f5b34f51150b934f62c1e4de3daf67ea2f1d4e4dab55925dcf4fb7706dcf
SSDEEP

3072:/+lMxt5RpIIBFDqTWtPZxtMyXdUcA0VfZmYg:GlMxHfIIBZqTExLdUhWfZ3

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
254d0e18cb301fd12f0ad661938bd1bf2547b41e698729bbb59ebb4d19b9bfeb

Files

254d0e18cb301fd12f0ad661938bd1bf2547b41e698729bbb59ebb4d19b9bfeb
.exe windows:5 windows x86

903472faf891db4c98514e7d045a6dd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
lstrlenA
CreateThread
VirtualFree
GetModuleFileNameW
GetTickCount
ExitProcess
GetFileSize
VirtualAlloc
ReadFile
CloseHandle
CreateFileW
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ntdll

memset
_wtoi
memcpy

ole32

CreateStreamOnHGlobal

shlwapi

StrStrA

user32

wsprintfA
wsprintfW

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpReceiveResponse

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lol0
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lol1
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

903472faf891db4c98514e7d045a6dd0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

ole32

shlwapi

user32

winhttp

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 10KB

.vmp0 Size: - Virtual size: 13KB

.vmp1 Size: - Virtual size: 61KB

.lol0 Size: - Virtual size: 13KB

.lol1 Size: 113KB - Virtual size: 113KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 10KB

.vmp0
Size: - Virtual size: 13KB

.vmp1
Size: - Virtual size: 61KB

.lol0
Size: - Virtual size: 13KB

.lol1
Size: 113KB - Virtual size: 113KB