701e4399669e3c450c5b8de25f1db6ef

Sharing

Copy URL Twitter E-mail

General

Target

701e4399669e3c450c5b8de25f1db6ef
Size

1.7MB
MD5

701e4399669e3c450c5b8de25f1db6ef
SHA1

1f72e5539749fecc66c192ec008ffede416797ae
SHA256

e1d10c2028bc288801cb18c2a4f6bd31c63e8836f971166feee685f7f7d4defb
SHA512

11cb7159a0c5f085b69e3e5525cac658fe3a3ae3de4f3f21f29e8993f32738a74eb0823fca143a117348fc6cb84fbb31f930566cb3a1bea9bf755368d6f3353e
SSDEEP

24576:dNSqCMhKdhTbz1eUpzzrR8WsF1H+fDFoNyyXnksasoLbF7f7LWl3Pkkf39kNg:d0yGXzTtrsTUFGyy3kLTFLWlHf9ke

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
701e4399669e3c450c5b8de25f1db6ef

Files

701e4399669e3c450c5b8de25f1db6ef
.exe windows:4 windows x86 arch:x86

e719b41848890a65c57f7c465b85a065

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

kernel32

GetFileType
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

MapDialogRect
MessageBoxA

gdi32

GetStretchBltMode

winmm

midiStreamStop

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

comdlg32

GetOpenFileNameA

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

ole32

CoTaskMemAlloc

oleaut32

SysAllocStringByteLen

comctl32

_TrackMouseEvent

oledlg

ord8

ws2_32

inet_ntoa

wldap32

ord29

wininet

InternetCloseHandle

Sections

.text
Size: - Virtual size: 594KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e719b41848890a65c57f7c465b85a065

Headers

File Characteristics

Imports

rasapi32

msvfw32

avifil32

kernel32

user32

gdi32

winmm

msimg32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

wldap32

wininet

Sections

.text Size: - Virtual size: 594KB

.rdata Size: - Virtual size: 2.3MB

.data Size: - Virtual size: 319KB

.rsrc Size: 100KB - Virtual size: 118KB

.vmp0 Size: - Virtual size: 168KB

.vmp1 Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 4KB - Virtual size: 156B

.text
Size: - Virtual size: 594KB

.rdata
Size: - Virtual size: 2.3MB

.data
Size: - Virtual size: 319KB

.rsrc
Size: 100KB - Virtual size: 118KB

.vmp0
Size: - Virtual size: 168KB

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 4KB - Virtual size: 156B