79b06f5b80bea93f14864d80137e1597

Sharing

Copy URL Twitter E-mail

General

Target

79b06f5b80bea93f14864d80137e1597
Size

182KB
MD5

79b06f5b80bea93f14864d80137e1597
SHA1

69d4bdf31b768432ac72509498eb8afa29a672ee
SHA256

8066032b696fa89e72881c6fee0381e56ee407e797a03f510a7d433c641df7c2
SHA512

336e4e7b84a8f43228b80d3457fa63f0fb460c43e0f18a82b317301731cdd95b83bc86e1daedd773ec1f600b314c4a5be54b5cf1721fa5aed26012f497992bd4
SSDEEP

3072:R7/cfJJx11kRk0fziCZlZ/ugRpYCeqYEVluB0LXLpoDRb7fcLsBqUU:B/cfZ11klxu+7ePBCLWD5fFBnU

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79b06f5b80bea93f14864d80137e1597

Files

79b06f5b80bea93f14864d80137e1597
.exe windows:4 windows x86 arch:x86

e802cea0c0750e9de8679f229cc662de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
LoadResource
FindResourceA
ReadFile
SetFilePointer
SetLastError
GetFileAttributesA
SetFileTime
GetSystemDirectoryA
SetUnhandledExceptionFilter
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
GetCurrentThreadId
GetStartupInfoA
SizeofResource
WriteFile
lstrlenA
FreeResource
MultiByteToWideChar
WideCharToMultiByte
GetVersion
LoadLibraryA
FreeLibrary
CreateRemoteThread
WaitForSingleObject
HeapFree
OpenProcess
CloseHandle
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcpyA
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
ResumeThread
GetWindowsDirectoryA
MoveFileExA
CopyFileA
DeleteFileA
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpiA
ExitProcess
lstrcatA
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress
lstrcmpA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetMessageA
MessageBoxA
wsprintfA
PostThreadMessageA
GetInputState
MessageBoxA

advapi32

AddAce
ControlService
StartServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA
ChangeServiceConfigA
LockServiceDatabase
GetUserNameA
CreateServiceA
UnlockServiceDatabase

msvcrt

_XcptFilter
_strcmpi
_except_handler3
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
strncmp
strtoul
isdigit
__CxxFrameHandler
_CxxThrowException
strstr
??1type_info@@UAE@XZ
_exit
_strlwr
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

netapi32

NetUserGetLocalGroups
NetApiBufferFree

Sections

.text
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e802cea0c0750e9de8679f229cc662de

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

netapi32

Sections

.text Size: - Virtual size: 12KB

.rsrc Size: 23KB - Virtual size: 140KB

.vmp0 Size: - Virtual size: 13KB

.vmp1 Size: 157KB - Virtual size: 157KB

.reloc Size: 512B - Virtual size: 108B

.text
Size: - Virtual size: 12KB

.rsrc
Size: 23KB - Virtual size: 140KB

.vmp0
Size: - Virtual size: 13KB

.vmp1
Size: 157KB - Virtual size: 157KB

.reloc
Size: 512B - Virtual size: 108B