3476deb75801446ac3a3df7326dcac73

Sharing

Copy URL

Twitter E-mail

General

Target

3476deb75801446ac3a3df7326dcac73
Size

920KB
MD5

3476deb75801446ac3a3df7326dcac73
SHA1

863b9c8518e6542d69b8b413766158c0f1a2b1a0
SHA256

0e531029c9914e235afd9f2312bfeb6e78303c5afb5e3c5cc753a7825c132944
SHA512

69cf604c777ea7c41353378523686b8e2b5e6912b35f82c0d8ec34aa569975d53f15e085424f8c899b9e12ddf3532c9e7e07a41cd19016120ee4de0a9213ce1b
SSDEEP

12288:mJ63CEYPtxrkzDxQnvfQBao68kZHRfEBUDOumP2f4sWAoBfg7HI1ShDebZB:mJzKDGnVeARf4P2wjBfEo1M0Z

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3476deb75801446ac3a3df7326dcac73

Files

3476deb75801446ac3a3df7326dcac73
.exe windows:6 windows x86 arch:x86

a275f272c751c03e7bdf2c543a31f4c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetDesktopWindow
MessageBoxA

advapi32

RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance

ws2_32

WSAStartup

shlwapi

PathFileExistsW

winhttp

WinHttpQueryHeaders

quartz

AMGetErrorTextW

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 177KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 742KB - Virtual size: 741KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a275f272c751c03e7bdf2c543a31f4c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

shlwapi

winhttp

quartz

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 190KB

.data Size: - Virtual size: 57KB

.rsrc Size: 177KB - Virtual size: 180KB

.vmp0 Size: - Virtual size: 89KB

.vmp1 Size: 742KB - Virtual size: 741KB

.reloc Size: 512B - Virtual size: 144B

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 190KB

.data
Size: - Virtual size: 57KB

.rsrc
Size: 177KB - Virtual size: 180KB

.vmp0
Size: - Virtual size: 89KB

.vmp1
Size: 742KB - Virtual size: 741KB

.reloc
Size: 512B - Virtual size: 144B