d53102bd311579f308c0d5efbc9c67215c489b17cf607e52bdb436f7c67a6ebd

Sharing

Copy URL Twitter E-mail

General

Target

d53102bd311579f308c0d5efbc9c67215c489b17cf607e52bdb436f7c67a6ebd
Size

6.5MB
MD5

1df09117580872622b48afd592e91af6
SHA1

9d8f9c023ac6adb9375248a56a5b034235224de0
SHA256

d53102bd311579f308c0d5efbc9c67215c489b17cf607e52bdb436f7c67a6ebd
SHA512

ca6cd001cd9679af9e2675bbff0f0806de304de3f7c4e7a5ac51dc14c7ddbaa26fa52c4102613c99ec79fe5524bc8df86881c88e56ee1b547dfd005e8104db05
SSDEEP

196608:cNHGQMBqSmCJwK4tKJmPBVpvcfen2HYFf:4mJqIJwtdpPvp2HOf

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d53102bd311579f308c0d5efbc9c67215c489b17cf607e52bdb436f7c67a6ebd

Files

d53102bd311579f308c0d5efbc9c67215c489b17cf607e52bdb436f7c67a6ebd
.exe windows:6 windows x64 arch:x64

540871c9b3dd55532e7548e25e39ef97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc140

ord6565

kernel32

GetCurrentDirectoryA
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

FindWindowA
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegSetValueExA

comctl32

InitCommonControlsEx

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment

api-ms-win-crt-string-l1-1-0

isalnum

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

540871c9b3dd55532e7548e25e39ef97

Headers

DLL Characteristics

File Characteristics

Imports

mfc140

kernel32

user32

advapi32

comctl32

urlmon

wininet

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Sections

.text Size: - Virtual size: 48KB

.rdata Size: - Virtual size: 41KB

.data Size: - Virtual size: 4KB

.pdata Size: - Virtual size: 2KB

.vmp0 Size: - Virtual size: 4.6MB

.vmp1 Size: 6.5MB - Virtual size: 6.5MB

.reloc Size: 512B - Virtual size: 176B

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: - Virtual size: 48KB

.rdata
Size: - Virtual size: 41KB

.data
Size: - Virtual size: 4KB

.pdata
Size: - Virtual size: 2KB

.vmp0
Size: - Virtual size: 4.6MB

.vmp1
Size: 6.5MB - Virtual size: 6.5MB

.reloc
Size: 512B - Virtual size: 176B

.rsrc
Size: 6KB - Virtual size: 5KB