2e433b9dcb1899694c6da8dd62f57664

Sharing

Copy URL Twitter E-mail

General

Target

2e433b9dcb1899694c6da8dd62f57664
Size

864KB
MD5

2e433b9dcb1899694c6da8dd62f57664
SHA1

a79aeae841714ef5f688f3ebe4a6c0d3ff64dc5e
SHA256

e68abc38fe82aff29eea3b4b30c1ae7b6385a920055ee02bc3c902f5917ad07c
SHA512

b31a894a3ab22489bcf86ef94dacd804abe9dc6440a7fab51d0656034349425cd9a65cce2ffda918ee3021503e9f4a42d1d1384a62324311263ee3d232cdb71f
SSDEEP

24576:5PKywVKQAcJMAKr+YHfbRW92FNX+PUwQTm:5CXK2KrtbROaX+Pw

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e433b9dcb1899694c6da8dd62f57664

Files

2e433b9dcb1899694c6da8dd62f57664
.dll windows:4 windows x86 arch:x86

a4d4ce53be280596894f849e56b2b29b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutOpen

ws2_32

closesocket

kernel32

GetFileType
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

TranslateAcceleratorA

gdi32

GetObjectA

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

LoadTypeLi

comctl32

ord17

comdlg32

GetSaveFileNameA

Exports

Exports

?��CALL
RunDllHostCallBack

Sections

.text
Size: - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 848KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4d4ce53be280596894f849e56b2b29b

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 562KB

.rdata Size: - Virtual size: 113KB

.data Size: - Virtual size: 183KB

.rsrc Size: 8KB - Virtual size: 21KB

.vmp0 Size: - Virtual size: 77KB

.vmp1 Size: - Virtual size: 488KB

.vmp2 Size: 848KB - Virtual size: 844KB

.reloc Size: 4KB - Virtual size: 244B

.text
Size: - Virtual size: 562KB

.rdata
Size: - Virtual size: 113KB

.data
Size: - Virtual size: 183KB

.rsrc
Size: 8KB - Virtual size: 21KB

.vmp0
Size: - Virtual size: 77KB

.vmp1
Size: - Virtual size: 488KB

.vmp2
Size: 848KB - Virtual size: 844KB

.reloc
Size: 4KB - Virtual size: 244B