37d02109babaeaf27c8e855a49f610de

Sharing

Copy URL Twitter E-mail

General

Target

37d02109babaeaf27c8e855a49f610de
Size

191KB
MD5

37d02109babaeaf27c8e855a49f610de
SHA1

89a16ff77ea0e2df2d14c3d26ba8c9b7768804d8
SHA256

ea15d6489f04a7a22698a99c974adb389769155cb82f1502c8753ef0fc24777c
SHA512

1d6a47deed10d9f58812c4ac3f8db235d35f016aa81cbaeeea720bcef273ccd46aa8ed3b83ebd796663b43ca375d103e1a18e8fb9aa423627797a34ae2fc59ce
SSDEEP

3072:e/K6ISLuS4jy6E4AKqM/EldHUjnbrhaM1jeIsEgWXeerGeK6pX51/xmC9LDnOitf:9IB4jy6EHScldw/h5sDWXe+GeDJ1/Pxa

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37d02109babaeaf27c8e855a49f610de

Files

37d02109babaeaf27c8e855a49f610de
.exe windows:4 windows x86 arch:x86

8ce23f724b1e313218536cacadce5fca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
ExitProcess
WinExec
CreateDirectoryA
Sleep
GetLastError
DeviceIoControl
MoveFileA
GetWindowsDirectoryA
FindResourceA
FreeLibrary
GetProcAddress
LoadLibraryA
CopyFileA
lstrcatW
GetWindowsDirectoryW
GetVersionExA
GlobalFree
LoadLibraryExA
GlobalAlloc
LoadResource
LockResource
GetSystemDirectoryA
CreateFileA
SizeofResource
WriteFile
CloseHandle
DeleteFileA
FreeResource
VirtualProtect

advapi32

OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ControlService

shell32

ShellExecuteA

msvcrt

fopen
fclose
fprintf

Sections

.code
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

000002A4
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ce23f724b1e313218536cacadce5fca

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

msvcrt

Sections

.code Size: - Virtual size: 8KB

.idata Size: - Virtual size: 4KB

000002A4 Size: - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 176KB

.vmp0 Size: - Virtual size: 44KB

.vmp1 Size: 188KB - Virtual size: 188KB

.reloc Size: 1024B - Virtual size: 536B

.code
Size: - Virtual size: 8KB

.idata
Size: - Virtual size: 4KB

000002A4
Size: - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 176KB

.vmp0
Size: - Virtual size: 44KB

.vmp1
Size: 188KB - Virtual size: 188KB

.reloc
Size: 1024B - Virtual size: 536B