0af3e41c2dd185aeea7b4e0ca8749230 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0af3e41c2dd185aeea7b4e0ca8749230
Size

24KB
MD5

0af3e41c2dd185aeea7b4e0ca8749230
SHA1

eb0d1380e357bf864520d9a95cf3f27b123fc264
SHA256

f047f99a510730c066270b97786a8752fd880beb216e84d634dbe64240840949
SHA512

dcdf7ce3be51e340d12ddc4d67f95458d48293cd1eb379c4bb4ee7a7634b31470f22434d5aa21d18948c8a43c675426e9edc0e2d9342792728eb3a9601472c5c
SSDEEP

768:aNh3H4gj0roW4kAOA91UtIApc0XZmuIPnBfoW:4zsv4LH9cpcyZ/IPi

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0af3e41c2dd185aeea7b4e0ca8749230

Files

0af3e41c2dd185aeea7b4e0ca8749230
.dll windows:5 windows x86 arch:x86

c1c6f08829227989abeb4341604e1ba9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

connect
htons
shutdown
recv
socket
closesocket
send

kernel32

GetProcAddress
WriteProcessMemory
VirtualProtect
GetModuleHandleA
GetThreadPriority
SetThreadPriority
HeapCreate
HeapDestroy
GetCurrentThread
lstrlenA
GetTickCount
MultiByteToWideChar
LocalAlloc
lstrcmpiW
LocalFree
MapViewOfFile
GetLastError
LoadLibraryA
CreateFileMappingA
GetExitCodeThread
OpenFileMappingA
CreateThread
FreeLibrary
HeapAlloc
GetCurrentProcess

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 512B - Virtual size: 390B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ