0393e955a10be8e23d09edf4343c8069

Sharing

Copy URL Twitter E-mail

General

Target

0393e955a10be8e23d09edf4343c8069
Size

4.7MB
MD5

0393e955a10be8e23d09edf4343c8069
SHA1

1736267d099fe65eafef10ddfffd5509fdd29546
SHA256

77e355d1df432ee49f0727090f6a65bf90243eece1d6aec2a9c08f9e854fbd05
SHA512

f8bd9977a286a7554b0ae6625f3a8e47724f3e01e7e37e582b2df8b7734de7c45bc339e403d1d772ede4741dbbab449eef1b98689d3eabcaecf697ff86fb4031
SSDEEP

98304:sXbqYBkMXCucBcHq7bpxAM7imykNsbmYjj+PQDh:IpBaiHq3J7tNsbmY/VD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0393e955a10be8e23d09edf4343c8069

Files

0393e955a10be8e23d09edf4343c8069
.exe windows:6 windows x86 arch:x86

f27580d6a56a05cb342a0a0f3cc70666

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ShowWindow
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

shell32

ShellExecuteW

urlmon

URLDownloadToFileW

vcruntime140

memset

api-ms-win-crt-runtime-l1-1-0

__p___argc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

wtsapi32

WTSSendMessageW

Exports

Exports

�� _q��X�;9:Hs¡��`c��]&wt��*1T*H(�:��2��ܘ�݅��ۋ�0�Bb%P��ea"XH��㧞C}Hd�� /��SVH�� ^8��o��y��B�UlF�`ڛ1r��M;�ЯMŗ*�!�w��|�Y)׮��'��>�ʂ��5Q�Ӭ��e�R5��]>�� H|Ρ��'Ų��5��&�Cp$G�o��Y��<�vyK�P��-��a�;mP�v�Z�-t��ؙ�b��z�Q��_�d��x,)7�6r�O�vr39n�PFN��.��k��/ގD�U<"t��-��R�"�^V�K��Fx�ʻw�r*we�VaJ��[]$+(�Cke�aKL��.(HhZ΁�͒Z0G�}�DeumM��.��^Ҷ�a�#�_R:��o�j3o��;��-��r��e��\!��L�=]�yXN�0��u7RE��W=�t�Iӯ�h��YV�k��LԠ�n_$rԥd�W��t��hڷ��Lu>��C��#y-�2�S`��)� ��[�M�{��f��@�.�ث�}Q�}��=��S�6޼��8�ĂĴ0F��u0/��c|�{��l<��栓�S��XΤ�>��(��@�x�<i�`g�KRN��̅Y��R��J�Z�̕1s�M��>�!z��e�$�(QEM�Ze�?7@ƾ��(:d�ؗٿ?NPr:�� ɀ�Q�v�8 �w��]��%��(}��ʹ��ev3X��f� ��8>��z��d21��2*^5{.�ċk�6��rF��J�;Rٺ� ��`s�u�7��%�1��؞3�,��U�-|��P{�pX��ګ#[�AԖ_X��b̏9�� *�V��bb��᣼P��CM��.��r�b��]nP��V�V��Qv"I%\��@[J5�uM�X��@/�6�t��3�^��co��V ��J�q��QG�i�ټ��l��x��l/G�� j¼��&�԰?�џ�=P�uDS�~XgS�E૿��w� ��XV6�@cm�n�^*�4��6Ȁ8h��s��F��u�(��ȍ�j�Ua`�;r��jW�/f��T��6�f��hn��3�w]T ��a]�`u�)��ҭ�B��J\��V9��,dBK7�QZ�~�|�)P�D�C��g=��hۨ��մ:��Z ��9 B�:�M ��]��7�w��>(�C��(Y�h?Nȉ�S{85.$�￰^-�9, �.CB��PFdB&��a��b��F��,v��_q�r7��+�|��d�3{h�eT?��er�XwZ�!\��/��O�l4��p�.��CG+ͼ��ҘW\͏ѴG8rP��7��ԇ��N��B4I4��?��;��\$� �0g�djU{�Peu��U��]=��Ǜ8�[�F�~�Xy��D��Й�]V�!v�~� �g{�M��dc�3�'�茜��a'�!�6h�m9��)��Ȳ39��^�}x�~�?:PR��@�`��*=�'rT�-rYƌ�.)��g�1�9��xh��Uݽ$!�,�9꜇��ɨE*��x�A��c�{��Dz֚w �e�=H�s/��!��$�4�� j�2Śφ�s�h�]�vنP��V��t�U��2E�M�Һ R��"#&1s��0+��$�h%�\*%u��Xm�0Y�af��D\jD�/��X�`f��iF�Ѵ��Ǐ_w�f��W��W�p�u/��k��.��kL��γk*%�F�{%M��"[��Q�#��/��1ȏ��R�fst��W��խ9#;�8��j��O%��~�~ͺ�ލ�n��U��!��)�H�!��c`=��n>�lLӒ�f�M��Ը�V��N�Ƌ0"H�8�0��vę)�)A.!e��a��A��(YiU�:�q��{�v��Z��&A#��2�c�4)��D�g�%�}X�!8Ք��g�E��j�V�;��\)W��@�C�oD��x��]�{1iY��`d`��2��u��[Af�]�b�T��h(�7�%TF�ҩ�m�� l��:��e��F�`��.~M�-G�X��j�*��cq��4&��'=� �Z��o7��x�#R_B�vw�e�\��`#_��/6��yy*o(u��m��7�6�%��AJ8�y�z��TD#N�y�p@��+�q��دz]=��5�;D��j��I$��aӄ��͎��}�T�z��.��6�m�:@�M�lA�)�G�e��Yc��@c�_<&��c$��A�V9yb~]Ev�xIk��Lv��}^I<a�J��h��*�`[�� ʲ)P;$�q�"oB{ی�lP�8ip�H"��xD��d�Rt��F�0<C��}�ٗn�6��XI>�z�4�|[,.��l� �=2��)��e��2g}��h'R��7��{B^2Jۦf�噒tD��_��X��ֹ�23�ng4��Z2.�Su��b��L㦥̯~m�U��.j��9#��\��JA v�C̅�7�>��>di`c�x3"L�c��b5��g�p�X ��H�I� ��-*0��r7�@�x#m�v!n�g�eĀ Lς �(oQ�~G=x��I"��J��$[�C�b��y�P�qB��1��|p��Ի*U}��!��fے��9fY�?p&�.��R�*#m �a��h�2��ŏZ8橄��:�Sw�N�K�q�b�iN;M� >�N��O�+�C�@x� ��"�%�n��dm�|��SL$%B(8��\��ڈ�.@��H��؝�W}y�T.��wH��^�]�m��㪲mX7��Sv��j�=��43�v��l6�뚘9

Sections

.text
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f27580d6a56a05cb342a0a0f3cc70666

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

urlmon

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 3KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 904B

.vmp0 Size: - Virtual size: 2.8MB

.vmp1 Size: 4.7MB - Virtual size: 4.7MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 3KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 904B

.vmp0
Size: - Virtual size: 2.8MB

.vmp1
Size: 4.7MB - Virtual size: 4.7MB

.rsrc
Size: 512B - Virtual size: 480B