3cbca2b010526d9ceb5aa9558f7d6cb0

General

Target

3cbca2b010526d9ceb5aa9558f7d6cb0
Size

471KB
MD5

3cbca2b010526d9ceb5aa9558f7d6cb0
SHA1

7c397591870ff127f32d1faabe892cf9946b65c5
SHA256

20b080dd1a22fd74a0da7b851ad8c3897bb60815cd749ab4e34a05f9b8d6920b
SHA512

1778cd8b5337d2d442a6c473a3a6de5a6f8d8314c09aac2ef7233879637a6eddb132fac0aee3ced439212534554ecc06d743153fcc41b84e8bc0b527b0308a5b
SSDEEP

12288:7T8ik16Q9XG6t1tTyXqxqQOW9sYq97rO06/E155DWEKllxp:7VfKXvtD8ouosYq97rb6c15vKllxp

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/TRE台服自慰改枪Bate0.4_vmp.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TRE台服自慰改枪Bate0.4_vmp.exe

Files

3cbca2b010526d9ceb5aa9558f7d6cb0
.rar
TRE台服自慰改枪Bate0.4_vmp.exe
.exe windows:4 windows x86 arch:x86

74aba2d13d59f24f8911f80546c54e06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
MessageBoxA
MessageBoxA

kernel32

CloseHandle
IsBadReadPtr
HeapFree
LocalSize
RtlMoveMemory
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
SetThreadContext
ResumeThread
GetEnvironmentVariableA
TerminateProcess
lstrcpyn
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
VirtualProtect
GetModuleFileNameA
ExitProcess

ntdll

ZwUnmapViewOfSection

Sections

.text
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 829KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74aba2d13d59f24f8911f80546c54e06

Headers

File Characteristics

Imports

user32

kernel32

ntdll

Sections

.text Size: - Virtual size: 12KB

.rdata Size: - Virtual size: 720B

.data Size: - Virtual size: 829KB

.rsrc Size: 24KB - Virtual size: 22KB

.vmp0 Size: - Virtual size: 12KB

.vmp1 Size: 472KB - Virtual size: 471KB

.reloc Size: 4KB - Virtual size: 56B

.text
Size: - Virtual size: 12KB

.rdata
Size: - Virtual size: 720B

.data
Size: - Virtual size: 829KB

.rsrc
Size: 24KB - Virtual size: 22KB

.vmp0
Size: - Virtual size: 12KB

.vmp1
Size: 472KB - Virtual size: 471KB

.reloc
Size: 4KB - Virtual size: 56B