fece140201e4b7c37ea3f4c2dafa1511

Sharing

Copy URL Twitter E-mail

General

Target

fece140201e4b7c37ea3f4c2dafa1511
Size

5.4MB
MD5

fece140201e4b7c37ea3f4c2dafa1511
SHA1

5cd4f8c127f4a3360fef1505ab7f74b0487671ca
SHA256

39ebc1927caa9f027440ea661a7b33c40beb2a12537bb8c990f73e654941d1c5
SHA512

11b77ac1832f74391dc6e21e8afb83d682caf033085ee9b7b0cd350caab0a1521c9d01aa70a229f9cf957d8b54897ed8af189292677cac9b5a851fef0f440078
SSDEEP

98304:wt5Np6uBP/1/N23NFnQuCRrvjBRwSfwtw2Rf3tfWjr2r:Ifp6uBP/X2dVQ39vISfu9fwrE

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fece140201e4b7c37ea3f4c2dafa1511

Files

fece140201e4b7c37ea3f4c2dafa1511
.exe windows:5 windows x86 arch:x86

d4e59c53feaa0b57ae9a7558e235059d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesExW
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
GetFileAttributesW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
AreFileApisANSI
GetDriveTypeW
DosDateTimeToFileTime
GetProcessHeap
GetSystemDirectoryW
SetFilePointer
UnlockFile
GlobalSize
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
OutputDebugStringW
SystemTimeToFileTime
GlobalFree
GlobalLock
GlobalAlloc
GetModuleFileNameW
GetSystemInfo
GetProcessHandleCount
GetCurrentProcess
OpenEventW
CreateEventW
DeviceIoControl
DuplicateHandle
VirtualFreeEx
VirtualAllocEx
VirtualAlloc
ResumeThread
GetExitCodeThread
CreateRemoteThread
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
ReadFile
FindNextFileA
FindFirstFileA
FindClose
CreateDirectoryA
LoadLibraryA
FlushFileBuffers
HeapCompact
LockFileEx
HeapReAlloc
DeleteFileW
GlobalUnlock
FlushViewOfFile
GetProcAddress
GetModuleHandleA
GetSystemDirectoryA
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetProcessWorkingSetSize
CheckRemoteDebuggerPresent
IsDebuggerPresent
CopyFileA
GetLocalTime
FileTimeToSystemTime
GetFileAttributesExA
GetFileAttributesA
WritePrivateProfileStringA
GetModuleHandleW
OpenProcess
TerminateProcess
GetTickCount
MoveFileA
CreateProcessA
Sleep
DeleteFileA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
GetConsoleMode
GetTimeZoneInformation
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetCurrentThreadId
GetCurrentProcessId
GetLastError
OutputDebugStringA
WriteFile
GetStdHandle
IsBadReadPtr
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSize
CreateFileA
DecodePointer
GetFullPathNameW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateSemaphoreW
ReleaseSemaphore
VirtualFree
VirtualProtect
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileSizeEx
GetFileType
GetEnvironmentVariableA
MoveFileExA
GetThreadTimes
VerifyVersionInfoW
FormatMessageA
GetVersionExW
GetSystemTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateThread
GetCurrentThread
QueueUserAPC
CreateWaitableTimerW
WaitForMultipleObjects
SetWaitableTimer
SleepEx
ResetEvent
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
PeekNamedPipe
SetLastError
RaiseException
VerSetConditionMask
SetEvent
LocalFree
LoadLibraryExW
FreeLibrary
OpenFileMappingW
FlushInstructionCache
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
MulDiv
lstrcmpiW
InitializeCriticalSection
GetLocaleInfoW
GetStringTypeW
LCMapStringW
CompareStringW
FormatMessageW
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SwitchToThread
WaitForSingleObjectEx
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileInformationByHandle
GetCurrentProcess
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
GetProcAddress
LocalAlloc
LoadLibraryA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualQuery
LocalFree
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

OffsetRect
IsRectEmpty
PtInRect
OemToCharBuffW
EnumWindows
FindWindowExW
IsClipboardFormatAvailable
GetClassNameW
EmptyClipboard
GetWindow
SetClipboardData
GetWindowTextW
CloseClipboard
OpenClipboard
ExitWindowsEx
SystemParametersInfoA
LoadIconW
GetCursorPos
MessageBoxA
GetWindowRect
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
IsIconic
IsWindowVisible
GetWindowPlacement
SetWindowPos
ShowWindow
SendMessageTimeoutW
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageW
GetWindowThreadProcessId
IsWindow
SendMessageW
GetClipboardData
MsgWaitForMultipleObjects
PostThreadMessageW
FillRect
MonitorFromRect
DrawTextW
DestroyIcon
SystemParametersInfoW
SetClassLongW
GetClassLongW
RemovePropW
SetPropW
MenuItemFromPoint
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemCount
GetSysColor
SetCaretPos
GetCaretBlinkTime
RegisterClassExW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CreateIconIndirect
GetSystemMetrics
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetPropW
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
IsMenu
GetAsyncKeyState
GetDesktopWindow
GetActiveWindow
UnionRect
MapVirtualKeyW
ReleaseCapture
AnimateWindow
PostQuitMessage
TrackMouseEvent
LoadCursorW
GetFocus
GetKeyState
EqualRect
IntersectRect
InflateRect
CopyRect
SetRectEmpty
SetRect
SetCursor
CharNextW
CreateWindowExW
CallWindowProcW
DefWindowProcW
GetMonitorInfoW
MonitorFromWindow
GetParent
SetWindowLongW
GetWindowLongW
MapWindowPoints
ScreenToClient
ClientToScreen
HideCaret
CreateCaret
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
EndPaint
BeginPaint
GetWindowDC
SetActiveWindow
UpdateWindow
IsWindowEnabled
EnableWindow
KillTimer
SetTimer
SetCapture
SetFocus
PostMessageW
DestroyWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
MoveWindow
IsZoomed
GetDlgItem
CharUpperBuffW
MessageBoxW

gdi32

SetViewportOrgEx
Polyline
TextOutW
SetTextColor
ExtSelectClipRgn
SaveDC
RoundRect
RestoreDC
Pie
IntersectClipRect
GetTextExtentPoint32W
GetClipRgn
ExcludeClipRect
Ellipse
Arc
SetRectRgn
RectInRegion
PtInRegion
OffsetRgn
GetRgnBox
GetRegionData
CreateRectRgnIndirect
CreateRectRgn
CombineRgn
CreatePatternBrush
GetDeviceCaps
CreatePen
SetBkMode
Rectangle
CreateSolidBrush
CreateFontIndirectW
CreateRoundRectRgn
GetStockObject
GetObjectW
SetPixel
SelectObject
GetPixel
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetClipBox
CreateDIBSection
BitBlt

shell32

Shell_NotifyIconW
DragAcceptFiles
DragQueryFileA
ShellExecuteW

ole32

PropVariantClear
RegisterDragDrop
CoWaitForMultipleHandles
CLSIDFromString
CLSIDFromProgID
CreateBindCtx
OleLockRunning
CoCreateInstance
GetHGlobalFromStream
CreateStreamOnHGlobal
RevokeDragDrop
OleInitialize

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

LookupAccountSidW
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
GetUserNameW
RevertToSelf
OpenThreadToken
SetThreadToken
ImpersonateNamedPipeClient
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegQueryValueExA
RegOpenKeyExW
RegCloseKey
GetTokenInformation
OpenProcessToken
CryptHashData
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shlwapi

PathFileExistsA
PathFileExistsW
StrToIntExW
PathCombineW

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses
GetProcessImageFileNameW
GetProcessMemoryInfo

wininet

InternetTimeToSystemTimeA

gdiplus

GdiplusShutdown
GdipLoadImageFromStream
GdipSaveImageToStream
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage

iphlpapi

GetAdaptersAddresses

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext

msvcrt

_getpid
strspn
wcsncpy
isupper
_cexit
_amsg_exit
__wgetmainargs
atexit
_initterm
_lseeki64
log
pow
sin
cos
?before@type_info@@QBEHABV1@@Z
??9type_info@@QBEHABV0@@Z
??8type_info@@QBEHABV0@@Z
_strtoui64
_strtoi64
?terminate@@YAXXZ
_fstat64
strpbrk
_isctype
_isatty
_fmode
_wcmdln
__set_app_type
__dllonexit
iswctype
exit
_exit
_c_exit
__p__commode
_unlink
_access
_read
_write
wcstol
wcsncmp
wcschr
system
_wtoi
_wtof
malloc
??_V@YAXPAX@Z
_time64
?name@type_info@@QBEPBDXZ
_gmtime64
ceil
__RTDynamicCast
strftime
localeconv
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
strtod
atoi
free
calloc
_wcsicmp
strrchr
_errno
isdigit
memset
fseek
memcpy
memchr
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
tolower
??2@YAPAXI@Z
_close
fputc
fwrite
fgets
wcspbrk
_open
_CIexp
_CIsqrt
__CxxFrameHandler
__DestructExceptionObject
__doserrno
_XcptFilter
_control87
strtoul
strtol
strerror
strncpy
strstr
qsort
strchr
_aligned_malloc
_aligned_free
_wsplitpath
_localtime64
??4exception@@QAEAAV0@ABV0@@Z
??3@YAXPAX@Z
_mktime64
feof
_strdup
fopen
ferror
_wfopen
_wcsdup
_wcslwr
_wcsnicmp
wcsrchr
wcsstr
isspace
_Strftime
_Gettnames
_Getmonths
_Getdays
_wfsopen
__uncaught_exception
_CIpow
strcspn
realloc
ldexp
frexp
fputs
abort
_endthreadex
___lc_handle_func
___mb_cur_max_func
__pctype_func
___lc_codepage_func
setlocale
strncmp
??_U@YAPAXI@Z
_sys_nerr
_sys_errlist
_timezone
_dstbias
ftell
_iob
_unlock
_lock
_ctime64
ungetc
setvbuf
fsetpos
fread
fgetpos
fgetc
rand
srand
__RTtypeid
_mkdir
_filelength
rename
remove
_fsopen
_fileno
fflush
fclose
memmove
_beginthreadex
_msize
_getdrive
_wfullpath
mbtowc
_CIlog10
_clearfp
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_wcstoui64
__setusermatherr

msvcp60

_Tolower
_Wcrtomb
_Strcoll
_Strxfrm
_Toupper
_Getctype
_Getcoll
_Mbrtowc

oleaut32

SafeArrayPutElement
VariantInit
VariantClear
GetErrorInfo
SafeArrayCreate
SysAllocString
SafeArrayDestroy
SysFreeString

ws2_32

listen
__WSAFDIsSet
sendto
recvfrom
freeaddrinfo
getaddrinfo
send
WSASocketW
WSASend
WSARecv
WSAIoctl
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
gethostname
gethostbyname
socket
shutdown
setsockopt
select
accept
bind
recv
ntohs
ntohl
connect
inet_ntoa
inet_addr
htons
htonl
getsockopt
getsockname
getpeername
ioctlsocket
closesocket

mswsock

GetAcceptExSockaddrs
AcceptEx

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertOpenStore
PFXImportCertStore
CertEnumCertificatesInStore
CryptStringToBinaryW
CertFreeCertificateChain
CryptDecodeObjectEx
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain

msimg32

GradientFill
AlphaBlend

wldap32

ord167
ord127
ord27
ord26
ord117
ord41
ord142
ord73
ord216
ord14
ord46
ord219
ord145
ord79
ord133
ord147
ord208
ord301

wtsapi32

WTSSendMessageW

Exports

Exports

��{��'#CT�'g(�W�`a&Jf�"��8��j�5�U2�F�I��b�Q�@��RX��r��Y-s�W?A�1��U��v�zh֛��آ�M��o>a��"f�b�{m�ݏ� vZ ��W��K,��U��d̃��B��ʁ$��I�ͨB��^��Z��k��4��z�/m^��kDѥ �M��d?��`��Ws��+�]uR/�CY�] ��qX��|��Aԣ�e3��VN�K�/��h�I4�DD��V�_��s�dg��" ��V�� ~g��@�x�H�9�b?o[�eMX��%x�Z��&��4rT�՛�Ŕ��D&c?=��Gc��V�?V6��^��d�@p�� d�`{(�^*m�ʽ��e�~Tv�*K��B�o3�n��Fr�p�T!��~Bl��T��X�qUF"�U|j�j;*EH�e�4�j�&��jW��"_��14onu>�bM;��Utc< �w�-s#b�O��i@6�K��A�e�t�W�Ug>]� `Z�&HH��7�<Ҫ��Wm�f�*`��x�}�jڴ\S�ܬXv�0-�>�-��2��&ɮ�i��;��6МEW�S�A��[ȘՆ&)X�)]U >>*&�3�ߥ��+�1�hTw)��m²(�V}w5F�ɩ��pn]��܇�75�D~��ƺ@,\c^�(5v��!��z��M�0�yY�Y6��)S5RDY:ו��H��0W15(�7�8J�l�^�ѝ�Ŵ��gF2� bywg�j�*��2�ی�^2�I��{N�4y�PJ��D�ȭs�u��0��n�ԛ�S<ū �> �}t��%��[fT��f8�t��s.t�a킂��U ��RK��2襘ɏ8#�ww@� ��ڒ�>�h'Gp��B�)rk`��^�&W�=�hD��G�"��b�̳V��u�`�H��M��$��bg֛30�b�'��aJo��`�K��/}(/��y��:��dS�K��UX�� iO�R�|z�YdZ G�x�j0�y��"��[�:*�}�S;3��c8�R E�N�CY8�֧S��ꬢI�Nڷ�3��~r��x�+�K@��q��y{+뢞^��H�֨��pR��ap� �$/O�D��}��E�b��=-��I8x$E��j/��1�� (��:}3��2�F��I��Vi�S��(8�M��O��uIa9y"m�vH2a�^[<>��Q� k��g��C6��M�Tj.PMf��t��n��}��q�?�[��=!��H9�_9�R�g5��L�0�ko��$�,N�u%?��jvA&L.X��)p5��x"#�g�3Jrɸ�S��r#7'7vn��I~L�&z�W��b!*j��*�{�]*�7��)Ah��N�~�^su~�_�9��U��<�;��5=u�e�M��1��VAZP�>-u��ݠ�?��z�E��M�N�0gb��u}�}~��Upk��+��h K6�9��5��v��0��{ج��B_��< �QWÛ,+��^� J��uo=�o܇4�Q�;��y�ť�V��K)U�q�m�/�X�<��%�o'��#��ק��*Bos�0��z��RJWu�-Lp|��X%|��,C]�/-'��Q�G�E��$�� O�A�� Lл4t��|& {��+�wA�n wXAa!�-��<e ��#d'�T��v_�� h>bW�`�}MBg,�{�i��>C~��g,��J��hot�d��)��V��ht��C�}�J�L[�M�폨ٱ��o �܈{�'� 1�1��@�'&��6G� D�&�-{��;{?�8��Z<Z3M$7��,y��n1�"l��r'��L�mWXd_��b�9�s�i2M3�WW^��3?˰��PW§P�d�a�yy(7}��<��b�܈�r�E��G'2��ħ�9t��e1��C��eU� .��K-ϱ��U*9�m��p�5��njLY�7��6"z�N��z��߶`�� z�Z��yC쌍��T�yiY7x��d�4��Ͻ7�;�25MLB��/O��9�5!�7��7@��Fꟍ��Ѯ>��u+��$W�@�p��8�j��uc��&)!�w��۽$�!�E;� ��L�b-}/_5 q y��e�nGDh��]CZ�܁G$W3��,~��y7ӯ1��r��-��ޱ�D�v�] :�=8�S��I��1� �^4�@r[��\뫏n�|�L٩:�K-S��={�*��G�w��ZT}�!��Q/u걒�hEs �F��;ț��*��l�"�TS7�J��lueWRr�Jy��}r1u��H<�\%kO�?f��f0+��*��_^�2 ��q�,e|pTE��0�m~��x�� s�@L�<,(��$��ѩ��A�+7s��,G�T��_,��h�_#�0@��P&%~��ɕ�zyx:� ��6�7W�&&��qr�ϺԬ;��-�j��-�͑wd�2�E_7s��c�6!�+��q��F��K��[�#iC�)@Q��5)/�g� ��ɽ�:�K�u^h̿_J�}��{��(��9>�P��nIS�n�� lJd��B"�-��uaU^�Tw3��3�IV?��Ɨ� gğ֤��^!��J �tBp嘅��z��y{ޢG'��\�s�Q:ʡ��Hl�H�� e�;Jp:P�!m��5[��ƶ��!9 �NV�+!�|�+�ɞ3�rzE��bF(BI9�$4�ģOi��p��A��p�8 ��~�тǍ풊��)"�R.��0�ذ�Ut�@�!p8�`-P�N�9/�6s��ܸ*��f�1ٽ"lL�(Sc��'

Sections

.text
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 637KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4e59c53feaa0b57ae9a7558e235059d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

comdlg32

advapi32

shlwapi

psapi

wininet

gdiplus

iphlpapi

imm32

msvcrt

msvcp60

oleaut32

ws2_32

mswsock

crypt32

msimg32

wldap32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 3.6MB

.rdata Size: 637KB - Virtual size: 636KB

.data Size: - Virtual size: 409KB

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 4.8MB - Virtual size: 4.8MB

.rsrc Size: 26KB - Virtual size: 42KB

.text
Size: - Virtual size: 3.6MB

.rdata
Size: 637KB - Virtual size: 636KB

.data
Size: - Virtual size: 409KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

.rsrc
Size: 26KB - Virtual size: 42KB