3b325de9ff5318a1d71875b7e108190b

Sharing

Copy URL

Twitter E-mail

General

Target

3b325de9ff5318a1d71875b7e108190b
Size

1.2MB
MD5

3b325de9ff5318a1d71875b7e108190b
SHA1

613112959e20ace2a692ab6beeb16c9f864928d6
SHA256

6bd45a15a02d11ae7fe489bdfa30c9aad64527b85cd41956292780f7a1a33de4
SHA512

f45473b340e3498f63fcdc9a7fb62c8fe6303e6578796179ac3954eff5e089daf1d340dcf54e7779facf1cd89cdf571a777ffc5f9af9b506c36e991f45fb4b69
SSDEEP

24576:mJ53bHm/wfxA+ghCjPfk9vz+6HhAawT7wm0pfd92FcEEaplW7QEIl7pJEGe7h3WU:65rweCzUf0RhYvIl92FHTpdEIMGyv

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/aimbot 27.9.exe	vmprotect
static1/unpack001/aimbot.dll	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/aimbot 27.9.exe
unpack001/aimbot.dll

Files

3b325de9ff5318a1d71875b7e108190b
.zip
Teleport Z8.JPG
.jpg
aimbot 27.9.exe
.exe windows:5 windows x86 arch:x86

eaac98d27f5371153cb3881cdbaa9328

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord517

kernel32

FindResourceExW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 800KB - Virtual size: 798KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
aimbot.dll
.dll windows:4 windows x86 arch:x86

26693d2574200a3c1b465aff0f450570

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDC

gdi32

DeleteObject

advapi32

RegOpenKeyA

Sections

.text
Size: - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lib.dll
teleport PH.JPG
.jpg

Sharing

General

Malware Config

Signatures

Files

eaac98d27f5371153cb3881cdbaa9328

Headers

File Characteristics

Imports

msvbvm60

kernel32

user32

Sections

.text Size: - Virtual size: 52KB

.data Size: - Virtual size: 3KB

.vmp0 Size: - Virtual size: 850KB

.vmp1 Size: 800KB - Virtual size: 798KB

.rsrc Size: 8KB - Virtual size: 4KB

26693d2574200a3c1b465aff0f450570

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: - Virtual size: 139KB

.rdata Size: - Virtual size: 18KB

.data Size: - Virtual size: 22KB

.sxdata Size: - Virtual size: 8B

.vmp0 Size: - Virtual size: 91KB

.vmp1 Size: 184KB - Virtual size: 181KB

.reloc Size: 4KB - Virtual size: 192B

.text
Size: - Virtual size: 52KB

.data
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 850KB

.vmp1
Size: 800KB - Virtual size: 798KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: - Virtual size: 139KB

.rdata
Size: - Virtual size: 18KB

.data
Size: - Virtual size: 22KB

.sxdata
Size: - Virtual size: 8B

.vmp0
Size: - Virtual size: 91KB

.vmp1
Size: 184KB - Virtual size: 181KB

.reloc
Size: 4KB - Virtual size: 192B