5a532758d55f7549f949999b9ee17a1612cdcb3d98ddecf9b8abb034f1571534

Sharing

Copy URL Twitter E-mail

General

Target

5a532758d55f7549f949999b9ee17a1612cdcb3d98ddecf9b8abb034f1571534
Size

2.3MB
MD5

b050d03daa0af530144a59b064d150c3
SHA1

af5cb6b301e04a7498f0015fc5370583a1dddd72
SHA256

5a532758d55f7549f949999b9ee17a1612cdcb3d98ddecf9b8abb034f1571534
SHA512

25944a6be8f4af9ab6f2b7bf8db5d0d0d342bc8b372fbe1cd34fdc889332f2ae5f7889510a0f6cdb386016ad3baf9bcc1097df154fbd42e8935d010487aba1ff
SSDEEP

49152:Nng6BoQaRIAm8BTSrsMnwPmdUR/u4/vmGALpl0fVVOONuiN:RrmBrm8BerPnaulp6fjLuO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a532758d55f7549f949999b9ee17a1612cdcb3d98ddecf9b8abb034f1571534

Files

5a532758d55f7549f949999b9ee17a1612cdcb3d98ddecf9b8abb034f1571534
.dll windows:4 windows x86 arch:x86

6b47f7d7c10ed6e7a425cfcba9deb909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetAdaptersInfo

winmm

midiOutReset

ws2_32

closesocket

kernel32

GetVersionExA
GetVersion
CompareStringW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DeleteMenu

gdi32

CreatePen

winspool.drv

ClosePrinter

advapi32

RegSetValueExA

shell32

ShellExecuteA

ole32

OleRun

oleaut32

SysAllocString

comctl32

ImageList_DragLeave

comdlg32

GetOpenFileNameA

Exports

Exports

??3��?ID
?��????
A2W
D��????
GetLv
Getname
huazhi
ijlErrorStr
ijlFree
ijlGetLibVersion
ijlInit
ijlRead
ijlWrite
��?��3��D��2?
��?��????��?��??��?��
��??��_��?API��??��

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 791KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b47f7d7c10ed6e7a425cfcba9deb909

Headers

File Characteristics

Imports

iphlpapi

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 1.0MB

.rdata Size: - Virtual size: 791KB

.data Size: - Virtual size: 502KB

.vmp0 Size: - Virtual size: 1.2MB

.vmp1 Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 4KB - Virtual size: 208B

.rsrc Size: 12KB - Virtual size: 22KB

.text
Size: - Virtual size: 1.0MB

.rdata
Size: - Virtual size: 791KB

.data
Size: - Virtual size: 502KB

.vmp0
Size: - Virtual size: 1.2MB

.vmp1
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 4KB - Virtual size: 208B

.rsrc
Size: 12KB - Virtual size: 22KB