786efa536c2f6595e768e647abed0d1a

Sharing

Copy URL

Twitter E-mail

General

Target

786efa536c2f6595e768e647abed0d1a
Size

468KB
MD5

786efa536c2f6595e768e647abed0d1a
SHA1

760162d89d771755c87e3c07ed46fd57ccb491c0
SHA256

73986cac449420b276802020d4ed14f99f9e30c9a744503c8ee6f9e0e62b2cf5
SHA512

02d34af135923f8c8e53389affc6c28067de0dfb90e32ae43c6d82153e8c570bce1bf380bba2169d1d0d8e2b80b1af4229c1175cf9f033b728ae7b35107da1d2
SSDEEP

12288:/cFvErJZL4L8xVzmkvKSteZyLl0qKUzhWDRcE31QfBjKA:EmHxmEbvKUzUDz1QfBjd

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
786efa536c2f6595e768e647abed0d1a

Files

786efa536c2f6595e768e647abed0d1a
.dll windows:4 windows x86 arch:x86

1c640446172d3c0281ed4c63f5a1c25d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessW
GetModuleHandleA
GetProcAddress
VirtualProtect

msvcp80

?uncaught_exception@std@@YA_NXZ

msvcr80

?what@exception@std@@UBEPBDXZ

ws2_32

WSAAsyncSelect

ole32

CoCreateInstance

user32

SetTimer

advapi32

OpenProcessToken

psapi

GetModuleFileNameExA

Exports

Exports

scanCook
scanbegin

Sections

.text
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 456KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c640446172d3c0281ed4c63f5a1c25d

Headers

File Characteristics

Imports

kernel32

msvcp80

msvcr80

ws2_32

ole32

user32

advapi32

psapi

Exports

Exports

Sections

.text Size: - Virtual size: 540KB

.rdata Size: - Virtual size: 374KB

.data Size: - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 428B

.vmp0 Size: - Virtual size: 40KB

.vmp1 Size: - Virtual size: 37KB

.vmp2 Size: 456KB - Virtual size: 452KB

.reloc Size: 4KB - Virtual size: 104B

.text
Size: - Virtual size: 540KB

.rdata
Size: - Virtual size: 374KB

.data
Size: - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 428B

.vmp0
Size: - Virtual size: 40KB

.vmp1
Size: - Virtual size: 37KB

.vmp2
Size: 456KB - Virtual size: 452KB

.reloc
Size: 4KB - Virtual size: 104B