05e367bd6baafbe830b529142e3d0bfade54bf45d86e18f5bbd9b4520f1b3893

Sharing

Copy URL Twitter E-mail

General

Target

05e367bd6baafbe830b529142e3d0bfade54bf45d86e18f5bbd9b4520f1b3893
Size

10.7MB
MD5

3e3bdcc7f8c523691c2943744d03c770
SHA1

e9e8b0646270356769e7d62f4876f3561746ca8f
SHA256

05e367bd6baafbe830b529142e3d0bfade54bf45d86e18f5bbd9b4520f1b3893
SHA512

9b6ccdc027c8ea26c83c5f79c2ab1f34643d6e1c0b8c493efbe5c682b78ef645f9d5b57569e4f9075d05571b9c50ddce15b4e8d89625af6681d421b2e6bc3e51
SSDEEP

196608:aFlf43f9nteOygqEaFqRiuEH4o/ToeHC4F0s48YrV7b9yr+yo3yrgtHH:wM9oOqEPRiuEYoLHC4FJYrV39yqyo3

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05e367bd6baafbe830b529142e3d0bfade54bf45d86e18f5bbd9b4520f1b3893

Files

05e367bd6baafbe830b529142e3d0bfade54bf45d86e18f5bbd9b4520f1b3893
.exe windows:5 windows x86 arch:x86

0895b701aaa07be5304d2462dbd4bce7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

qt5core

?qt_metacast@QParallelAnimationGroup@@UAEPAXPBD@Z

qt5gui

??0QColor@@QAE@W4GlobalColor@Qt@@@Z

qt5widgets

?metaObject@QFrame@@UBEPBUQMetaObject@@XZ

kernel32

GetTickCount
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumWindows
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

libeay32

ord492

hidapi

hid_init

msvcp120

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z

msvcr120

_fmode

ws2_32

connect

shell32

CommandLineToArgvW

wtsapi32

WTSSendMessageW

Exports

Exports

b��r�e / �,gmd>zʝ��U�{9^4�@�ܙc��T��2�,��?G��T��61�y<��ɳ�cċ׸�n�p�X� C��4N~ի�� Hm��v��]y�Q��v�|��=��_W��)|�*i�kKA��<��}�M�� ӳW�P7�āZ��h��*�ox�Vw��0)=uPZ�ä_��B��=>�b�و�#9�T�Y�a��C�|;)�_�(+~��G;��C�� 1�ˉ�a8w�X�g��+�t~��Sī�eKJ��*��[�`_�*�K�ʷ;'��c{�֑��k�0Sc��+��=�;�i�Ԧ3v��m��s�ms��4!T��K?�Q[��U�d��j��(2[�� ]��p�X;��;�<)�]s~%T��M��t>��&�H%��Z��/��y몒��H�� K�-�}q�Wcv.*�ف�3��䰵�̙��2T��U� aV��ZO�K�"n�K��c��&�%��E�o�8<]"m��п*w��5$�P9��ʲ�2R�m>��ķnF ��&�P:��7r-��~D��81 5��ĺ��0��&��[�2�z�o��Zֻ2�15m�9�,\�Bg�1͓� �ȓ��r)XA�/��L��5�N��{��{C�r�c�D n�-3��CK��4�D�9��P��)�c�e��3+�y��Nh�� 12�b# �R��@-C�@1H��σ[�@&��X�W�� G6J�e��;M��CВ�hS�+qɺ��|%�E�Brf�Q��ތ�į[u�i(��B��w5�o�ү�V�^��{ZG��3�~ ��7�gHH�E��g�� "g��t�S��jل=#=^��~�Go�� L}-I}�v��@��z�hM�ibb��ڨ�5��U�ʷD��'2��v�FhǄ-uU ̲��Ek0�7�IX!}��KN��<�1iiQ(��1J��#+��ʯ�C��͹��u��O�enq��*��>L�N?��lϮ��E��~��76X`�鍑��(~�A�K+�Vm�tp&��$\��%U9KL%��@;Z S��R�qEZ֕��#S�Q��"�;�ظȁ"'��cW� Y{&��P�K��g�q�6�K'��n7��'�l,k�$d[P��p'��}@��4�DC �o.]��dA$ �d۩J!�� |�=�L��l�7#/�~q�NB�-]'áO�"5��ڲ�r�ٙ4�W�Qc�� #H�u�&˞��{�o�i�SM��n�w�{��\��Iy��O��q��rtW�G#��'UG|�4��O� �0��L��K��_z�%�E��P\�#=��Z\�'��ë4� 7�RV�z(vn�8�l�P>}��[F�?��B�pwb�BI3Z Xz��B�:��;��W*sCI��z�=�E��]��A��lph.c��[ar[�ͤq�6�:-o,��e��6Ox��iݣ��P�#�VP��JX�ߧ�1�cK��~�{h��.Gz詅rAq�Q��W~G,�k򺌔�r b�i%��=tR��̋il4!��hTL�J*<��3{qğ��Q_��A��s�J��ّ�)�Wh*��)�Y��X�[�e��V��a��v~S�� 2�N��ڶ�z��6��ZٯP�� V��\o'X x��S��2�� d@��~�Δ��o$3��˓2|ICͻ!��'�LSv��5��J��{�� ˨h�Y7R48��j�.��;�u�I��_�jA��Lʹ`�i_�,4I��mZi.�|��rσ��X�~�nT0��t��T�Ǔ��نV�q6&��n�u��,!�"F��⏗\��0��;�� 5i�xsM�8� � cc��;��"�BI�3��@�*��"o��, N.��7N)�Kv��/=�{ԨTN��K�i8zZ*��6�'�#��$xr�g/��Z��ʄ��.U��M"�5!��=��u��?qq\��,� ��s��[0~��1"�ބ|�w ��z��ȷ��U�8�]��ꀫ�� :�nl76��^�YJ��u9*�5p��q�y+ߒ��x��B��P��r0HO��M��mR��̫�!��U8�Eo��b��x��<��:��軁�h�,��K��dph��nU��,%!��x6xQe�ي��m";λ��݄�Ⱥ�=��W��Ў�[֦cX�BPh��pw��H��9��rze��Ŋ��Ae�-C��Q_$Yz��3X��h�2�Y��Lg݉�� yK��j�D2��Q��/%\��'�}�;3�c��c%��%��[�i�kZ��H�v�;HѕEbog��ل��BE�qc�_Uܧ��Cʎһk8�� F��T3!lވUV��9�(�KT�l>��8��G�Z*�.�8b%b��8y�Iś9� ��*�X��jP��QY�x�B��,3��N� ʎ��n��v��Q��p4��`��o�"e��:N,��f��RQ�L�#?�~L%�>¨vM��Ǯ��Da.!�yy\|}�0p˸�,*Ț|�0��~CI��Q:�e��Q��A��Y��;�B܈��N��'|�~�2 ��pP��*�}L��,*BQ5�eK�EQ�'6WZ�8��V�݄��'��P��З�|P�Oh�$�-��qϾA�-DVV(.�#�:v:�c��sb��kŊ|�}m��B5�G٣��%R".�~؅`bB�܏�v�049\q&��D�1�n:[=�hNB��D��oF+B��9��Z=� �6pT��1�ʂ��&s��0��_rX

Sections

.text
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0895b701aaa07be5304d2462dbd4bce7

Headers

DLL Characteristics

File Characteristics

Imports

qt5core

qt5gui

qt5widgets

kernel32

user32

libeay32

hidapi

msvcp120

msvcr120

ws2_32

shell32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 154KB

.rdata Size: - Virtual size: 3.1MB

.data Size: - Virtual size: 431KB

.vmp0 Size: - Virtual size: 5.2MB

.vmp1 Size: 10.6MB - Virtual size: 10.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 93KB - Virtual size: 92KB

.text
Size: - Virtual size: 154KB

.rdata
Size: - Virtual size: 3.1MB

.data
Size: - Virtual size: 431KB

.vmp0
Size: - Virtual size: 5.2MB

.vmp1
Size: 10.6MB - Virtual size: 10.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 93KB - Virtual size: 92KB