43bf92cd0d3a6602d6f719bf28a45fcd

Sharing

Copy URL

Twitter E-mail

General

Target

43bf92cd0d3a6602d6f719bf28a45fcd
Size

1.9MB
MD5

43bf92cd0d3a6602d6f719bf28a45fcd
SHA1

8485e4cd9aa06a3a62600757b78bcea46fe69fbf
SHA256

dd993df4663c7b6b5fdefe1182eeea74d90e678c8affeec6e8ae205cb4fc3086
SHA512

2d72a4642168c2243a40d26031459ba684dacce1792be73a4906318e70721d20f8c2009f69eebf4611b88b960034b447dce764a35a1c1442f2463decdddf3243
SSDEEP

24576:C3zMI9higmRaVuFzYz2Cw9S4QO6ssd2M5cCDRzNc+p+6HNHZC:qnig1VuFYzfO7QzcCNBvk6

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43bf92cd0d3a6602d6f719bf28a45fcd

Files

43bf92cd0d3a6602d6f719bf28a45fcd
.dll windows:4 windows x86 arch:x86

8f14830b8d665befc1480a6a0c6bfd87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetProcessImageFileNameA
GetModuleFileNameExA
EnumProcessModules
EnumProcesses
GetModuleInformation

imagehlp

CheckSumMappedFile

kernel32

GetFullPathNameA
FreeResource
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
InterlockedIncrement
GetFileAttributesA
GetFileTime
GetCPInfo
GetOEMCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
VirtualAlloc
GetVolumeInformationA
HeapReAlloc
RtlUnwind
RaiseException
WriteConsoleW
GetFileType
GetStdHandle
ExitProcess
HeapSize
SetStdHandle
VirtualFree
HeapDestroy
HeapCreate
GetTimeFormatA
GetDateFormatA
GetACP
IsValidCodePage
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetThreadLocale
DeleteCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
GlobalUnlock
InterlockedDecrement
GetModuleFileNameW
SetLastError
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
lstrcmpA
GlobalAlloc
WriteFile
lstrcatA
WinExec
GetWindowsDirectoryA
LoadLibraryExA
MulDiv
GetLocalTime
CreateDirectoryA
QueryPerformanceCounter
CreateFileA
GetFileSize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateThread
GetThreadContext
SetThreadContext
CreateMutexA
CreateSemaphoreA
ReleaseSemaphore
LocalAlloc
ResumeThread
Thread32First
OpenThread
SuspendThread
Thread32Next
GetVersionExA
WaitForSingleObject
WritePrivateProfileStringA
GetModuleFileNameA
lstrcpyA
GetUserDefaultLangID
GetSystemDefaultUILanguage
GetSystemDefaultLangID
OpenProcess
CreateToolhelp32Snapshot
FreeLibrary
LoadLibraryA
Process32Next
Process32First
GetProcAddress
Toolhelp32ReadProcessMemory
TerminateProcess
Module32First
Module32Next
CompareStringA
GetLastError
MultiByteToWideChar
CompareStringW
InterlockedExchange
lstrcmpiA
lstrlenA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
GetTickCount
CreateFileMappingA
CloseHandle
Sleep
LocalFree
FormatMessageA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
GetCurrentProcessId
GetModuleHandleA
VirtualProtect
RemoveVectoredExceptionHandler
GetCurrentThreadId
IsBadWritePtr
IsBadReadPtr
FindNextFileA
FindFirstFileA
GetCurrentProcess
InterlockedCompareExchange
ReleaseMutex
CreateFileW

user32

GetSysColorBrush
UnregisterClassA
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
IsDialogMessageA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetScrollPos
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
CallWindowProcA
SetWindowPos
IsIconic
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetSubMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
GetLastActivePopup
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
PeekMessageA
ValidateRect
CreateIconIndirect
GetIconInfo
FindWindowA
GetWindowThreadProcessId
MessageBoxA
PostMessageA
CharUpperA
FillRect
DestroyCursor
LoadStringA
LoadImageA
CopyIcon
SystemParametersInfoA
DestroyIcon
CreatePopupMenu
AppendMenuA
GetParent
LoadCursorA
SetWindowRgn
GetMenuItemID
ChildWindowFromPoint
PtInRect
GetMenuState
CopyRect
GetClassInfoA
ScreenToClient
WindowFromPoint
SetCursor
GetMenuItemCount
SetRectEmpty
GetSystemMetrics
IsWindowEnabled
EqualRect
SetRect
OffsetRect
GetClassNameA
EnumChildWindows
GetDesktopWindow
SetTimer
KillTimer
SetWindowsHookExA
UnhookWindowsHookEx
DefWindowProcA
GetWindow
GetWindowTextA
GetWindowLongA
EnumWindows
CallNextHookEx
GetKeyState
GetDC
ReleaseDC
IsRectEmpty
GetSysColor
IsWindowVisible
SendMessageA
CheckMenuItem
GetWindowRect
ClientToScreen
GetClientRect
SetWindowLongA
GetCursorPos
IsWindow
GetDlgCtrlID
SetWindowTextA
EnableWindow

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetStockObject
OffsetViewportOrgEx
DPtoLP
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
SetMapMode
CreateFontIndirectA
SetDIBits
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
RestoreDC
SaveDC
GetClipBox
CreateDIBSection
StretchBlt
GetObjectA
CreateBitmap
GetTextExtentPoint32A
GetTextMetricsA
MoveToEx
LineTo
SetBkColor
GetDeviceCaps
CreatePen
SetTextJustification
FrameRgn
SelectClipRgn
CreateRectRgn
CreatePolygonRgn
OffsetRgn
CreateSolidBrush
CombineRgn
CreateRoundRectRgn
FillRgn
DeleteDC
BitBlt
DeleteObject
GetDIBits
TextOutA
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegEnumKeyA
SetSecurityInfo
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
FreeSid
RegDeleteKeyA
RegQueryValueExA
RegQueryValueA
RegCloseKey
RegOpenKeyExA
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation

shell32

ShellExecuteA
SHFileOperationA

comctl32

ord17
ImageList_GetIcon
ImageList_GetImageCount

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
PathIsUNCA

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

select
connect
inet_addr
htons
WSACleanup
WSAStartup
recv
send
closesocket
socket

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable

Exports

Exports

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@UHeroInfo@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@VCShareData@@V?$allocator@VCShareData@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCConsoleLoginAckPack@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCConsoleOnlinePack@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCShareData@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCShareDataContainer@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCSharememContent@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendWithIP_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserLogin_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserRegist_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineTrasaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigFile_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegNewCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginWithGameAccountTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestLargeDataSend_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestOnlineSession_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUser_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScriptEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScript_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoad_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@UHeroInfo@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@VCShareData@@V?$allocator@VCShareData@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCConsoleLoginAckPack@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCConsoleOnlinePack@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCShareData@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCShareDataContainer@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCSharememContent@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendWithIP_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserLogin_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserRegist_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLogOffTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VOnlineTrasaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigFile_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegNewCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginWithGameAccountTrans_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadGameOnlineUser_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadScript_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoad_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
SetVMFactory

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f14830b8d665befc1480a6a0c6bfd87

Headers

File Characteristics

Imports

psapi

imagehlp

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

ws2_32

wininet

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 228KB - Virtual size: 227KB

.data Size: 56KB - Virtual size: 148KB

.rsrc Size: 16KB - Virtual size: 15KB

.vmp0 Size: 96KB - Virtual size: 95KB

.vmp1 Size: 320KB - Virtual size: 318KB

.reloc Size: 64KB - Virtual size: 61KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 228KB - Virtual size: 227KB

.data
Size: 56KB - Virtual size: 148KB

.rsrc
Size: 16KB - Virtual size: 15KB

.vmp0
Size: 96KB - Virtual size: 95KB

.vmp1
Size: 320KB - Virtual size: 318KB

.reloc
Size: 64KB - Virtual size: 61KB