35960b2bd0403d10575e9c47cd49cb3d

Sharing

Copy URL

Twitter E-mail

General

Target

35960b2bd0403d10575e9c47cd49cb3d
Size

741KB
MD5

35960b2bd0403d10575e9c47cd49cb3d
SHA1

27e447c4890f0435b05ce29d45c3d69f642e1a37
SHA256

ac4ea3ddf70a9c1cef58fde81f2d3affcfa40c88b73c6d33f35a236c54b3a4b9
SHA512

10da9435225ecbc9e446ad3caf7ec7b74caa63ef017f58a9f2d6e9e8c1e9ec47784328c7b942821efa7622d6643167309165a8c9b7a967ecf7298db96094145a
SSDEEP

12288:3svcHfucAr8RbUGm767eeBGp31T2g8R/YKJG5XC1dwzDm4GZJPjL8Jicq:3sUHfB6+rBGoYKU5S1cdyJjT5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35960b2bd0403d10575e9c47cd49cb3d

Files

35960b2bd0403d10575e9c47cd49cb3d
.dll windows:4 windows x86 arch:x86

71f92b2e5c1ad31af9e048971cad7d6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersionExA
GetVersion
GetVersionExA
GetVersion
GlobalSize
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetTopWindow

advapi32

OpenSCManagerA

oleaut32

SafeArrayDestroy

version

GetFileVersionInfoA

gdi32

SetWindowOrgEx

ole32

OleDraw

comctl32

ImageList_EndDrag

shell32

Shell_NotifyIconA

urlmon

UrlMkGetSessionOption

wsock32

select

oleacc

AccessibleObjectFromWindow

ntdll

NtClose

gdiplus

GdipDeleteGraphics

iphlpapi

GetExtendedTcpTable

imagehlp

MapFileAndCheckSumA

ws2_32

WSAIoctl

atl

AtlAxWinInit

Sections

CODE
Size: - Virtual size: 770KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 734KB - Virtual size: 734KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71f92b2e5c1ad31af9e048971cad7d6a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

shell32

urlmon

wsock32

oleacc

ntdll

gdiplus

iphlpapi

imagehlp

ws2_32

atl

Sections

CODE Size: - Virtual size: 770KB

DATA Size: - Virtual size: 75KB

BSS Size: - Virtual size: 14KB

.idata Size: - Virtual size: 13KB

.vmp0 Size: - Virtual size: 96KB

.vmp1 Size: 734KB - Virtual size: 734KB

.reloc Size: 512B - Virtual size: 188B

.rsrc Size: 5KB - Virtual size: 30KB

CODE
Size: - Virtual size: 770KB

DATA
Size: - Virtual size: 75KB

BSS
Size: - Virtual size: 14KB

.idata
Size: - Virtual size: 13KB

.vmp0
Size: - Virtual size: 96KB

.vmp1
Size: 734KB - Virtual size: 734KB

.reloc
Size: 512B - Virtual size: 188B

.rsrc
Size: 5KB - Virtual size: 30KB