d69d4a92e348e56355a8f3188e4a5f7e9d4c95d3bdc6e0ec5e7d12efd6f2f120

Sharing

Copy URL Twitter E-mail

General

Target

d69d4a92e348e56355a8f3188e4a5f7e9d4c95d3bdc6e0ec5e7d12efd6f2f120
Size

2.2MB
MD5

115b1798dfde938b2ff5335b155c4699
SHA1

c620f30fecbe15851249a3b6ea66109e92191ce3
SHA256

d69d4a92e348e56355a8f3188e4a5f7e9d4c95d3bdc6e0ec5e7d12efd6f2f120
SHA512

ea0c2aac9577e8e9cdc212ca82fb1b716e1e62bf1db5475171ccde067de71d8ca97105ba81aa919fc995f2b2d35e859c7377ca007ba7434c07fb617e77b62105
SSDEEP

49152:x6frvA4fE80QtaOm3WzkU0X39Cul6HSq7iprAWxmKM9fe+LvsLus7:x6DY4FXaOm0kUKUa6Sq7iiWw7xLvsCs7

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d69d4a92e348e56355a8f3188e4a5f7e9d4c95d3bdc6e0ec5e7d12efd6f2f120

Files

d69d4a92e348e56355a8f3188e4a5f7e9d4c95d3bdc6e0ec5e7d12efd6f2f120
.exe windows:5 windows x64 arch:x64

47a54202ed75031361406badfe2c648f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptSetProvParam

cabinet

ord13

crypt32

CertEnumCertificatesInStore

cryptdll

CDGenerateRandomBits

dnsapi

DnsFree

fltlib

FilterFindFirst

mpr

WNetCancelConnection2W

netapi32

I_NetServerAuthenticate2

odbc32

ord43

ole32

CoCreateInstance

oleaut32

SysAllocString

rpcrt4

RpcServerInqBindings

shlwapi

PathIsDirectoryW

samlib

SamSetInformationUser

secur32

EnumerateSecurityPackagesW

shell32

CommandLineToArgvW

user32

SendMessageW

userenv

CreateEnvironmentBlock

version

VerQueryValueW

hid

HidD_FreePreparsedData

setupapi

SetupDiGetClassDevsW

winscard

SCardEstablishContext

winsta

WinStationCloseServer

wldap32

ord69

msasn1

ASN1_CloseDecoder

ntdll

_wcstoui64

kernel32

GetVersionExA
GetVersionExW
SetLastError
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

calloc

Sections

.text
Size: - Virtual size: 829KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47a54202ed75031361406badfe2c648f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

cabinet

crypt32

cryptdll

dnsapi

fltlib

mpr

netapi32

odbc32

ole32

oleaut32

rpcrt4

shlwapi

samlib

secur32

shell32

user32

userenv

version

hid

setupapi

winscard

winsta

wldap32

msasn1

ntdll

kernel32

msvcrt

Sections

.text Size: - Virtual size: 829KB

.rdata Size: - Virtual size: 413KB

.data Size: - Virtual size: 30KB

.pdata Size: - Virtual size: 26KB

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 512B - Virtual size: 96B

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: - Virtual size: 829KB

.rdata
Size: - Virtual size: 413KB

.data
Size: - Virtual size: 30KB

.pdata
Size: - Virtual size: 26KB

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 512B - Virtual size: 96B

.rsrc
Size: 16KB - Virtual size: 15KB