2c5e6cadc1e9cfb8b460283c5ce08554c86d8fd9a3908b1394930ffbdb79d0fc

Sharing

Copy URL

Twitter E-mail

General

Target

2c5e6cadc1e9cfb8b460283c5ce08554c86d8fd9a3908b1394930ffbdb79d0fc
Size

552KB
MD5

7181983a7a9887f32ba166400cef5fea
SHA1

a63b129b5235210ca1c9fc735aef6751682f2558
SHA256

2c5e6cadc1e9cfb8b460283c5ce08554c86d8fd9a3908b1394930ffbdb79d0fc
SHA512

82efb1a6ea2221b3e7b7419d5938b4533d553e788bdbc426f51c2830c29bf872bf18b96294d8bf569110d055a915798235a9bb101e134570babdb63a523cde7f
SSDEEP

12288:H4rXCUdWWu/+7PxpvKIVX2ovMb9Zs7Mlodh8KTk:UmAPxpvKcXtvS7lWSK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c5e6cadc1e9cfb8b460283c5ce08554c86d8fd9a3908b1394930ffbdb79d0fc

Files

2c5e6cadc1e9cfb8b460283c5ce08554c86d8fd9a3908b1394930ffbdb79d0fc
.dll windows:4 windows x86 arch:x86

4f625dfa09b72c3f6a5a87da9fd5b9df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

TranslateMessage

comdlg32

GetFileTitleA

advapi32

SetTokenInformation

ole32

CoCreateInstance

oleaut32

LHashValOfNameSys

wininet

InternetSetOptionA

shlwapi

PathFileExistsA

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

msvcrt

strncmp

shell32

SHGetSpecialFolderPathA

Exports

Exports

BR_Send
BR_SetSvrAckHandler
BR_SetSvrIP
BR_UserInit

Sections

.text
Size: - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 540KB - Virtual size: 537KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f625dfa09b72c3f6a5a87da9fd5b9df

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

wininet

shlwapi

wtsapi32

userenv

msvcrt

shell32

Exports

Exports

Sections

.text Size: - Virtual size: 102KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 97KB

.vmp0 Size: - Virtual size: 435KB

.vmp1 Size: 540KB - Virtual size: 537KB

.reloc Size: 4KB - Virtual size: 236B

.rsrc Size: 4KB - Virtual size: 716B

.text
Size: - Virtual size: 102KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 97KB

.vmp0
Size: - Virtual size: 435KB

.vmp1
Size: 540KB - Virtual size: 537KB

.reloc
Size: 4KB - Virtual size: 236B

.rsrc
Size: 4KB - Virtual size: 716B