11bc744801b516d0b84fba5850ec8789

Sharing

Copy URL Twitter E-mail

General

Target

11bc744801b516d0b84fba5850ec8789
Size

420KB
MD5

11bc744801b516d0b84fba5850ec8789
SHA1

b3e4dcfb4a2e6e0f15286b9d5664e1a3f2e89dfa
SHA256

decfaa83bf2eb9afe57a09da2d3142512a543708214608fdd19bdb7e17051a7c
SHA512

ecf88363b274855302062283e641a03ff7456b7781bbbadcf1a040730c0f36660e0f852847d7488c624afcd0f780e49427aa385e245a5d49ff986f57139eda81
SSDEEP

6144:oIEuZi3QrY8G0QtZAGQ0hBK0IauE2W0L2g2yRCSwz6cUABXA71M6KqI0KpC/tFV:R7t837AGQ0bReL5Z7C1y1M+xIct/

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11bc744801b516d0b84fba5850ec8789

Files

11bc744801b516d0b84fba5850ec8789
.exe windows:4 windows x86 arch:x86

9e6637139d9549c9297cb3981a3ca96a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FindCloseUrlCache

ws2_32

setsockopt

mfc42

ord609

msvcrt

abort

kernel32

GlobalUnlock
LoadLibraryA
VirtualProtect
GetModuleFileNameA

user32

FrameRect
MessageBoxA

gdi32

DPtoLP

advapi32

RegOpenKeyExA

shell32

ShellExecuteExA

comctl32

_TrackMouseEvent

ole32

CoCreateInstance

wsock32

listen

winmm

PlaySoundA

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

netapi32

Netbios

Sections

.text
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 384KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e6637139d9549c9297cb3981a3ca96a

Headers

File Characteristics

Imports

wininet

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

wsock32

winmm

msvcp60

netapi32

Sections

.text Size: - Virtual size: 152KB

.rdata Size: - Virtual size: 35KB

.data Size: - Virtual size: 129KB

.rsrc Size: 28KB - Virtual size: 42KB

.vmp0 Size: - Virtual size: 142KB

.vmp1 Size: 384KB - Virtual size: 381KB

.reloc Size: 4KB - Virtual size: 96B

.text
Size: - Virtual size: 152KB

.rdata
Size: - Virtual size: 35KB

.data
Size: - Virtual size: 129KB

.rsrc
Size: 28KB - Virtual size: 42KB

.vmp0
Size: - Virtual size: 142KB

.vmp1
Size: 384KB - Virtual size: 381KB

.reloc
Size: 4KB - Virtual size: 96B