5358ded9fcb207c639ba800a03dd3c87186d380e5c3eaa709ceb97fad52cfeff

Sharing

Copy URL Twitter E-mail

General

Target

5358ded9fcb207c639ba800a03dd3c87186d380e5c3eaa709ceb97fad52cfeff
Size

3.2MB
MD5

69b80acad5b4f56bd3e0e48725879adc
SHA1

6c739ec8d62d77e5c850830d54208d56d9e98c96
SHA256

5358ded9fcb207c639ba800a03dd3c87186d380e5c3eaa709ceb97fad52cfeff
SHA512

c462f8faf3c61701a31c10f7163ac6c7f670fa1ceeb50a4019a2bdfd5b935303ceafdc2e41b1a20c6e1b70a61d7d42295202e792928da754695b1fce8de6c499
SSDEEP

49152:F0OE+meiX2zsfpkpK5qrSNhkNxUT9Qyu6wiHuDbyJ6fLpdR7ViIfwjn696nZlgBX:qOVmBUsBk7EGW9QXf0679tkMBR

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5358ded9fcb207c639ba800a03dd3c87186d380e5c3eaa709ceb97fad52cfeff

Files

5358ded9fcb207c639ba800a03dd3c87186d380e5c3eaa709ceb97fad52cfeff
.dll windows:5 windows x64 arch:x64

b0f8f60b531294bd0b86148f91ae40c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

hid

HidD_GetManufacturerString

setupapi

SetupDiEnumDeviceInterfaces

shlwapi

StrStrIA

advapi32

SetSecurityDescriptorDacl

winscard

SCardTransmit

user32

GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

KSJLic_GetLicenseType
KSJLic_GetProducts
KSJLic_GetStatus
KSJLic_ModifyUserPassword
KSJLic_ReportLicStatusString
KSJLic_StartActivationWizard
KSJLic_WebLogout
SFNTCounterDecrement
SFNTDecrypt
SFNTEncrypt
SFNTEnumServer
SFNTGetDeviceInfo
SFNTGetFeatureInfo
SFNTGetLicenseInfo
SFNTGetServerInfo
SFNTReadRawData
SFNTReadString
SFNTSetContactServer
SFNTSetHeartbeat
SFNTVerify
SFNTWriteInteger
SFNTWriteString

Sections

.text
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0f8f60b531294bd0b86148f91ae40c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

hid

setupapi

shlwapi

advapi32

winscard

user32

Exports

Exports

Sections

.text Size: - Virtual size: 65KB

.rdata Size: - Virtual size: 25KB

.data Size: - Virtual size: 22KB

.pdata Size: - Virtual size: 3KB

.vmp0 Size: - Virtual size: 1.6MB

.vmp1 Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 512B - Virtual size: 132B

.rsrc Size: 512B - Virtual size: 434B

.text
Size: - Virtual size: 65KB

.rdata
Size: - Virtual size: 25KB

.data
Size: - Virtual size: 22KB

.pdata
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 1.6MB

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 512B - Virtual size: 132B

.rsrc
Size: 512B - Virtual size: 434B