7fc6cda50bfc4e963c5e6554459801ada6f41921d04c69b446f3594fcdd98d93

Sharing

Copy URL Twitter E-mail

General

Target

7fc6cda50bfc4e963c5e6554459801ada6f41921d04c69b446f3594fcdd98d93
Size

2.3MB
MD5

58916797e4781ed3d7067c33cb419faa
SHA1

4559094bfc663660fbb48964f6a21b4ccd6e7dbd
SHA256

7fc6cda50bfc4e963c5e6554459801ada6f41921d04c69b446f3594fcdd98d93
SHA512

de5cb821064a6123061d1ec64597b467eff6816230c8c6856fb5798d0a2a105e0ecae4879caec3d3d43d8eee02951f54eb459a45da71e9301dc8b6fa14699e21
SSDEEP

49152:dBF/kvudqN/rUTLtLquoPKjk+PtSUdWTCauWzLpX0xREhorGK8Xbvap9MAgC83mn:dBW6eQfdqpPgLdUPSx8rvapyAp5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fc6cda50bfc4e963c5e6554459801ada6f41921d04c69b446f3594fcdd98d93

Files

7fc6cda50bfc4e963c5e6554459801ada6f41921d04c69b446f3594fcdd98d93
.dll windows:4 windows x86 arch:x86

d49164a04182eead12ed23588ad940c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetAdaptersInfo

winmm

waveOutPrepareHeader

ws2_32

inet_ntoa

kernel32

GetVersionExA
GetVersion
GetACP
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

UnregisterClassA

gdi32

PathToRegion

winspool.drv

ClosePrinter

advapi32

RegOpenKeyExA

shell32

ShellExecuteA

ole32

CLSIDFromProgID

oleaut32

RegisterTypeLi

comctl32

ImageList_Add

comdlg32

GetOpenFileNameA

Exports

Exports

??3��?ID
?��????
A2W
D��????
GetLv
Getname
huazhi
ijlErrorStr
ijlFree
ijlGetLibVersion
ijlInit
ijlRead
ijlWrite
��?��3��D��2?
��?��????��?��??��?��
��??��_��?API��??��

Sections

.text
Size: - Virtual size: 1018KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 789KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d49164a04182eead12ed23588ad940c0

Headers

File Characteristics

Imports

iphlpapi

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 1018KB

.rdata Size: - Virtual size: 789KB

.data Size: - Virtual size: 502KB

.vmp0 Size: - Virtual size: 1.2MB

.vmp1 Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 4KB - Virtual size: 208B

.rsrc Size: 12KB - Virtual size: 22KB

.text
Size: - Virtual size: 1018KB

.rdata
Size: - Virtual size: 789KB

.data
Size: - Virtual size: 502KB

.vmp0
Size: - Virtual size: 1.2MB

.vmp1
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 4KB - Virtual size: 208B

.rsrc
Size: 12KB - Virtual size: 22KB