0a1e7a40707f416d4042cc1494ce705d

Sharing

Copy URL Twitter E-mail

General

Target

0a1e7a40707f416d4042cc1494ce705d
Size

832KB
MD5

0a1e7a40707f416d4042cc1494ce705d
SHA1

dabb8d4784ee7bc66ff8d1bfc190d6193d62cac4
SHA256

dd650a83f09302153324acc979ea5d435be7794da9af5cbc922dec4667b1d9cb
SHA512

1e9e34601ac828a85ca7eea87a0ad7d8da13da0476e6e9e2d582b02136ed6cf0173fd78424df05f5c94b92a69f45774f006dbd0ebb8b99762f7fb43ba517ab7a
SSDEEP

24576:Ie0oyecBgCM7X39STpfVSHbmvATagE1lCYjxhT0:90xetSfSHbmITNK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a1e7a40707f416d4042cc1494ce705d

Files

0a1e7a40707f416d4042cc1494ce705d
.exe windows:4 windows x86 arch:x86

22390d7e508947978281e4385c82d353

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamStop

ws2_32

inet_ntoa

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA

kernel32

lstrcpynA
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

PostThreadMessageA
MessageBoxA

gdi32

GetROP2

winspool.drv

DocumentPropertiesA

comdlg32

GetFileTitleA

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

ole32

CoRevokeClassObject

oleaut32

SafeArrayAccessData

comctl32

ImageList_Destroy

oledlg

ord8

Sections

.text
Size: - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 693KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 752KB - Virtual size: 750KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22390d7e508947978281e4385c82d353

Headers

File Characteristics

Imports

winmm

ws2_32

msvfw32

avifil32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

Sections

.text Size: - Virtual size: 574KB

.rdata Size: - Virtual size: 693KB

.data Size: - Virtual size: 332KB

.rsrc Size: 72KB - Virtual size: 91KB

.vmp0 Size: - Virtual size: 148KB

.vmp1 Size: 752KB - Virtual size: 750KB

.reloc Size: 4KB - Virtual size: 252B

.text
Size: - Virtual size: 574KB

.rdata
Size: - Virtual size: 693KB

.data
Size: - Virtual size: 332KB

.rsrc
Size: 72KB - Virtual size: 91KB

.vmp0
Size: - Virtual size: 148KB

.vmp1
Size: 752KB - Virtual size: 750KB

.reloc
Size: 4KB - Virtual size: 252B