4e3782a31b1f348fd3988efa5bee138d9bc6d34eeb46aac38e2d9314f6d62155

Sharing

Copy URL Twitter E-mail

General

Target

4e3782a31b1f348fd3988efa5bee138d9bc6d34eeb46aac38e2d9314f6d62155
Size

377KB
MD5

4f16e4934a5d578ccaf5ee206df1558c
SHA1

9416318c7bb2e1b7ba7db0b526cb1d1563d7285d
SHA256

4e3782a31b1f348fd3988efa5bee138d9bc6d34eeb46aac38e2d9314f6d62155
SHA512

d88c549f1259fde627bd2744c1a6640678d116dd08fc5bb5c43e1bdf11ed7fcf1e9ee6badf6c22fd89e98f4c0f1ecbbc00b74ce998f1337cd6db5bad7dec7354
SSDEEP

6144:B21D2epZRbF7FFTtEwDuX7SSOTAWeVT2n+:Y1jDhTtXurSSdT2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e3782a31b1f348fd3988efa5bee138d9bc6d34eeb46aac38e2d9314f6d62155

Files

4e3782a31b1f348fd3988efa5bee138d9bc6d34eeb46aac38e2d9314f6d62155
.dll windows:6 windows x86 arch:x86

1357f092a1aa44cc25a4090e426d1946

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetUnhandledExceptionFilter
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

AdjustTokenPrivileges

ole32

CoCreateInstance

oleaut32

SysFreeString

wininet

InternetOpenA

Exports

Exports

Compute_d
WDAlgPriKeyToCard
WDAlgPriKeyToCardPubKey
WDAlgPubKeyToCard
WDBlockDecrypt
WDBlockDecrypt_CBC
WDBlockEncrypt
WDBlockEncrypt_CBC
WDCardPriKeyToAlg
WDCardPubKeyToAlg
WDComputeDigest
WDDelCertOnMyStore
WDGetDatefromCert
WDGetIDFromCert
WDGetIssuerfromCert
WDGetSubjectfromCert
WDIsCertOnMyStore
WDPrivateKeyBlobToAlg
WDPublicKeyBlobToAlg
WDRSAGenerateKeys
WDRSAPrivateDecrypt
WDRSAPrivateEncrypt
WDRSAPrivateOperation
WDRSAPublicDecrypt
WDRSAPublicEncrypt
WDRSAPublicEncryptPKCS1
WDRSAPublicOperation
WDRSASignData
WDRSASignPKCSBlock
WDRSAVerifySign
WDRSAVerifySign1
WDRSAVerifySignedPKCSBlock
WDRegCertToMyStore
WDRegRootCert
WDRegUserCert
WDRevMemCopy
WDSCardEncodeSignData
WDSCardEncodeSignData1
WDStreamDecrypt
WDStreamEncrypt

Sections

.text
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp3
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1357f092a1aa44cc25a4090e426d1946

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 130KB

.rdata Size: 110KB - Virtual size: 109KB

.data Size: - Virtual size: 7KB

.vmp1 Size: 45KB - Virtual size: 45KB

.vmp0 Size: - Virtual size: 6KB

.vmp2 Size: - Virtual size: 55KB

.vmp3 Size: 174KB - Virtual size: 174KB

.reloc Size: 512B - Virtual size: 228B

.rsrc Size: 45KB - Virtual size: 45KB

.text
Size: - Virtual size: 130KB

.rdata
Size: 110KB - Virtual size: 109KB

.data
Size: - Virtual size: 7KB

.vmp1
Size: 45KB - Virtual size: 45KB

.vmp0
Size: - Virtual size: 6KB

.vmp2
Size: - Virtual size: 55KB

.vmp3
Size: 174KB - Virtual size: 174KB

.reloc
Size: 512B - Virtual size: 228B

.rsrc
Size: 45KB - Virtual size: 45KB