1e34eb547e4f0adc4484e641af67e3a6

General

Target

1e34eb547e4f0adc4484e641af67e3a6
Size

55KB
MD5

1e34eb547e4f0adc4484e641af67e3a6
SHA1

59e9febb72bf809b7c09d02cd234617d1d2f65d2
SHA256

d2de00d5b02fd0ac20eb4ea1aed9509fc98c62194bbc6a426c955ea929be9214
SHA512

58d43cc38a20811ba99c7c1b7ef51a2f6d642b57b711cd4e08b79301ad63ed8dfc39876db31727bf5fc002c741ff8cf41d717a8d22002233169cc88f99b3f9de
SSDEEP

1536:sMbImeWlLK3Q/tHmTCXhjx+IQurQnaZmDn8G5ybes:JreWlLK3iHRx+IzrUaUj6b

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e34eb547e4f0adc4484e641af67e3a6

Files

1e34eb547e4f0adc4484e641af67e3a6
.exe windows:4 windows x86 arch:x86

e721dc767b71f813fffa95b4e91454d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
WaitForSingleObject
Thread32Next
Thread32First
OpenProcess
Sleep
DeleteFileA
CreateThread
LoadLibraryA
WriteFile
GetSystemDirectoryA
GetCommandLineA
ExitProcess
Process32First
ResumeThread
WinExec
CreateProcessA
CopyFileA
TerminateProcess
GetModuleFileNameA
GetStringTypeA
RtlUnwind
GetStringTypeW
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
Process32Next
GetCurrentProcess
GetWindowsDirectoryA
CreateFileA
GetFileTime
CloseHandle
SetFileTime
GetLocalTime
GetCurrentThreadId
GetTickCount

user32

GetMessageA
PostMessageA
GetClassNameA
EnumThreadWindows
GetWindow
FindWindowA
GetInputState
PostThreadMessageA
GetWindowTextA
TranslateMessage
DispatchMessageA

winmm

mixerGetLineControlsA
mixerGetLineInfoA
mixerClose
mixerOpen
mixerSetControlDetails

advapi32

RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegEnumValueA
RegDeleteValueA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RwDat
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e721dc767b71f813fffa95b4e91454d1

Headers

File Characteristics

Imports

kernel32

user32

winmm

advapi32

Sections

.text Size: 9KB - Virtual size: 8KB

.RwDat Size: 23KB - Virtual size: 23KB

.vmp0 Size: 20KB - Virtual size: 20KB

.vmp1 Size: 1024B - Virtual size: 528B

.text
Size: 9KB - Virtual size: 8KB

.RwDat
Size: 23KB - Virtual size: 23KB

.vmp0
Size: 20KB - Virtual size: 20KB

.vmp1
Size: 1024B - Virtual size: 528B