85db375d629aad69a5d49d9a454bf480eb34980836e69f9115bf5ca906ccc3d9

Sharing

Copy URL Twitter E-mail

General

Target

85db375d629aad69a5d49d9a454bf480eb34980836e69f9115bf5ca906ccc3d9
Size

7.9MB
MD5

c5ee449c61d33d49eccdda4bd40cf1f5
SHA1

780e26c1199d7659e3ed0d65ee8377f7c2d49d10
SHA256

85db375d629aad69a5d49d9a454bf480eb34980836e69f9115bf5ca906ccc3d9
SHA512

cd404d3e8358d06c99659861c754a06795edd8da348ccdcf236a01ed4b81fc62117741d907c2f6521414b1840a564a30d46772b1833336717c043975ec9c5ec2
SSDEEP

196608:Wt9MCdmn9glCNu6KURPdjRdt1I116SmVne4Ef:0HduilN6Kgv1I11xmVnVy

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85db375d629aad69a5d49d9a454bf480eb34980836e69f9115bf5ca906ccc3d9

Files

85db375d629aad69a5d49d9a454bf480eb34980836e69f9115bf5ca906ccc3d9
.dll windows:6 windows x64 arch:x64

399d6f80b4a1ec248da9e37d04122007

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumWindows
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateSolidBrush

advapi32

RegCloseKey

shell32

ShellExecuteA

ws2_32

inet_ntoa

wininet

InternetOpenA

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTexture

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmReleaseContext

wtsapi32

WTSSendMessageW

Exports

Exports

MIDLib_GetGameRoomCode
MIDLib_GetMachineId

Sections

.text
Size: - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

399d6f80b4a1ec248da9e37d04122007

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

wininet

d3d9

d3dx9_43

dwmapi

imm32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 640KB

.rdata Size: - Virtual size: 3.5MB

.data Size: - Virtual size: 1.2MB

.pdata Size: - Virtual size: 26KB

_RDATA Size: - Virtual size: 348B

.vmp0 Size: - Virtual size: 3.5MB

.vmp1 Size: 7.9MB - Virtual size: 7.9MB

.reloc Size: 512B - Virtual size: 236B

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: - Virtual size: 640KB

.rdata
Size: - Virtual size: 3.5MB

.data
Size: - Virtual size: 1.2MB

.pdata
Size: - Virtual size: 26KB

_RDATA
Size: - Virtual size: 348B

.vmp0
Size: - Virtual size: 3.5MB

.vmp1
Size: 7.9MB - Virtual size: 7.9MB

.reloc
Size: 512B - Virtual size: 236B

.rsrc
Size: 11KB - Virtual size: 10KB