c64e73ab1d8e09da31c17f29436b1a8813bcf4b87ff6f3d5e5e08bff20c083af

Sharing

Copy URL Twitter E-mail

General

Target

c64e73ab1d8e09da31c17f29436b1a8813bcf4b87ff6f3d5e5e08bff20c083af
Size

6.3MB
MD5

20aac3324cc2c694f3a7fadcc54bc259
SHA1

de121acc21eac1e248086408a89f30861b926f16
SHA256

c64e73ab1d8e09da31c17f29436b1a8813bcf4b87ff6f3d5e5e08bff20c083af
SHA512

6d52193731f02eceeb7c1c72c660f8c15bb5e35965f1da4880fb683706c608b15948af7e254ca759c9a61a0ea80b83162bb9355d51856b4e68dc3d57c92d9e6a
SSDEEP

98304:W1WgvBBY8AZAVpQTZq/1k27AIOgoeAIwaF2Id+gQ4nap7kYx1bTbLlYKZx9BmTwZ:XgvrYqB/iIHAWFTd+gvnk7Nx1brdCw

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c64e73ab1d8e09da31c17f29436b1a8813bcf4b87ff6f3d5e5e08bff20c083af

Files

c64e73ab1d8e09da31c17f29436b1a8813bcf4b87ff6f3d5e5e08bff20c083af
.exe windows:5 windows x86 arch:x86

3cd4ff6fbdfde76af3a31ab3cf4c6123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

OffsetRect
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

ole32

CoUninitialize

oleaut32

SysFreeString

shell32

SHGetSpecialFolderPathA

kernel32

InitializeCriticalSectionAndSpinCount
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

RegOpenKeyExA

gdi32

TextOutA

gdiplus

GdipSetStringFormatLineAlign

comctl32

ord17

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cd4ff6fbdfde76af3a31ab3cf4c6123

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

oleaut32

shell32

kernel32

advapi32

gdi32

gdiplus

comctl32

wtsapi32

Sections

.text Size: - Virtual size: 352KB

.rdata Size: - Virtual size: 104KB

.data Size: - Virtual size: 11KB

.gfids Size: - Virtual size: 744B

.tls Size: - Virtual size: 9B

.vmp0 Size: - Virtual size: 3.7MB

.vmp1 Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 266KB - Virtual size: 265KB

.text
Size: - Virtual size: 352KB

.rdata
Size: - Virtual size: 104KB

.data
Size: - Virtual size: 11KB

.gfids
Size: - Virtual size: 744B

.tls
Size: - Virtual size: 9B

.vmp0
Size: - Virtual size: 3.7MB

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 266KB - Virtual size: 265KB