454b5383f3d99587335d2c85d3b54206cc0b3a3525fc55f627b95605c9dc76f7

Sharing

Copy URL Twitter E-mail

General

Target

454b5383f3d99587335d2c85d3b54206cc0b3a3525fc55f627b95605c9dc76f7
Size

5.5MB
MD5

0febdd32e94d24e928b20c6254f5c97f
SHA1

6ecad3acced71557470eeed2b7cba1413f6ccb6d
SHA256

454b5383f3d99587335d2c85d3b54206cc0b3a3525fc55f627b95605c9dc76f7
SHA512

420e343b3a82c4db4aee265f7a2e1ac74ce9d2a09a891f1874fa586d1a30abbcd67aef428d6dff26cd6bf466f4a1c9fd0cb26856666b4cdfb6734fb99518c173
SSDEEP

98304:64SIk4ZXRgTlKt8g+uUtrpMucBsXXWuAvYMsaCXhkRPP9Hdy:6BjgXI1swNAvnKyRdy

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
454b5383f3d99587335d2c85d3b54206cc0b3a3525fc55f627b95605c9dc76f7

Files

454b5383f3d99587335d2c85d3b54206cc0b3a3525fc55f627b95605c9dc76f7
.exe windows:6 windows x64 arch:x64

d910780e43eb6473c6ca334d8a16a8af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.symtab
Size: - Virtual size: 59KB

IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d910780e43eb6473c6ca334d8a16a8af

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wtsapi32

user32

Sections

.text Size: - Virtual size: 392KB

.rdata Size: - Virtual size: 449KB

.data Size: - Virtual size: 373KB

.idata Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 6KB

.symtab Size: - Virtual size: 59KB

.vmp1 Size: - Virtual size: 3.1MB

.vmp2 Size: 5.4MB - Virtual size: 5.4MB

.reloc Size: 512B - Virtual size: 156B

.rsrc Size: 27KB - Virtual size: 27KB

.text
Size: - Virtual size: 392KB

.rdata
Size: - Virtual size: 449KB

.data
Size: - Virtual size: 373KB

.idata
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 6KB

.symtab
Size: - Virtual size: 59KB

.vmp1
Size: - Virtual size: 3.1MB

.vmp2
Size: 5.4MB - Virtual size: 5.4MB

.reloc
Size: 512B - Virtual size: 156B

.rsrc
Size: 27KB - Virtual size: 27KB