ed40e31bca2e013c81444b2c3dc5fa875ca114c6559df5f78ede7c2e027f39ef

Sharing

Copy URL Twitter E-mail

General

Target

ed40e31bca2e013c81444b2c3dc5fa875ca114c6559df5f78ede7c2e027f39ef
Size

2.2MB
MD5

fe4e9c7b2ded39bb66d14f317c8a0529
SHA1

d7c4cfe856fb1650cab176a14025fdcbf7060969
SHA256

ed40e31bca2e013c81444b2c3dc5fa875ca114c6559df5f78ede7c2e027f39ef
SHA512

2a82aee7611a503827bbad9551135d3906feab917788b2052fe8196247c9e24078f6d29a996318c5a0ce2f4609b1e951171aac8364bbd8a1b688e20c54cdeec6
SSDEEP

49152:x2OFf+mxAcAVmrQU1OrMoILXPXqnmZZakVEQzQY:oEJScAQrQSklrYZaLQ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed40e31bca2e013c81444b2c3dc5fa875ca114c6559df5f78ede7c2e027f39ef

Files

ed40e31bca2e013c81444b2c3dc5fa875ca114c6559df5f78ede7c2e027f39ef
.exe windows:5 windows x86 arch:x86

463a87ca8d646db9e62fab66a618b65c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

ioctlsocket

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA

rasapi32

RasHangUpA

kernel32

GetSystemTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetCursorPos

gdi32

TextOutA

winspool.drv

DocumentPropertiesA

comdlg32

GetSaveFileNameA

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

CreateILockBytesOnHGlobal

oleaut32

SafeArrayCreate

comctl32

ord17

oledlg

ord8

wininet

InternetSetOptionA

Sections

.text
Size: - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

463a87ca8d646db9e62fab66a618b65c

Headers

File Characteristics

Imports

winmm

ws2_32

msvfw32

avifil32

rasapi32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

Sections

.text Size: - Virtual size: 609KB

.rdata Size: - Virtual size: 1.0MB

.data Size: - Virtual size: 379KB

.vmp0 Size: - Virtual size: 931KB

.vmp1 Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 124KB - Virtual size: 120KB

.text
Size: - Virtual size: 609KB

.rdata
Size: - Virtual size: 1.0MB

.data
Size: - Virtual size: 379KB

.vmp0
Size: - Virtual size: 931KB

.vmp1
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 124KB - Virtual size: 120KB