2b738b89887a5d9d64800005f249dc2e

Sharing

Copy URL Twitter E-mail

General

Target

2b738b89887a5d9d64800005f249dc2e
Size

50KB
MD5

2b738b89887a5d9d64800005f249dc2e
SHA1

f61dae3801e4009d2e65c202dd455255aaac4810
SHA256

b6893ab5ca66501a5add80322ce8aa3b663dbba9716ec77ed442212e4b88adba
SHA512

b3d81935fb29e3ed8a5dd8ca268922b8f3542f392a33c0692731e3ca523bd1ea093e01634c1b2554b6a3bfa3c2ddb6aba56f261f19fa354cc74026d2374b39e8
SSDEEP

384:D8LESNv2oKG8Dsc4o+gT5Tes0fCXpnUtX+1rk0tZG2g7bVFvfmAOeq:D8LhutGysvoJlTpatX+1QYY2QbVFHR3q

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b738b89887a5d9d64800005f249dc2e

Files

2b738b89887a5d9d64800005f249dc2e
.dll windows:4 windows x86 arch:x86

6a3dfa7e78a943f5ee937ea59a7a4e12

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetSetOptionA

ws2_32

inet_ntoa
WSAStartup
gethostbyname
inet_addr

shlwapi

SHDeleteKeyA

psapi

EnumProcesses
GetModuleFileNameExA

mfc42

ord4424
ord3738
ord4622
ord815
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord1116
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord823
ord825
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord561

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_except_handler3
fseek
fread
strstr
fopen
fwrite
_EH_prolog
__CxxFrameHandler
_strupr
strcpy
memcpy
sprintf
strchr
atoi
memset
fclose

kernel32

CreateProcessA
ResumeThread
DisableThreadLibraryCalls
GetModuleFileNameA
CreateThread
DeleteFileA
Sleep
FreeLibrary
DeviceIoControl
GetCurrentProcessId
lstrcatA
lstrlenA
lstrcmpA
SetThreadPriority
LoadLibraryA
GetProcAddress
WaitForSingleObject
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenW
OpenProcess
MultiByteToWideChar
LocalFree
LocalAlloc
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetEnvironmentVariableA
GetShortPathNameA
CloseHandle
CreateFileA
ExitProcess
GetSystemDirectoryA
GetStartupInfoA
FreeLibraryAndExitThread
lstrcpyA
VirtualFreeEx

user32

CharUpperA

advapi32

LookupPrivilegeValueA
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges

Exports

Exports

SensNotifyNetconEvent
SensNotifyRasEvent
SensNotifyWinlogonEvent
ServiceMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a3dfa7e78a943f5ee937ea59a7a4e12

Headers

File Characteristics

Imports

wininet

ws2_32

shlwapi

psapi

mfc42

msvcrt

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 16B

.vmp0 Size: 4KB - Virtual size: 1KB

.vmp1 Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 16B

.vmp0
Size: 4KB - Virtual size: 1KB

.vmp1
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB