7b05ae8f410def372a6884b45fd3aa87

Sharing

Copy URL Twitter E-mail

General

Target

7b05ae8f410def372a6884b45fd3aa87
Size

944KB
MD5

7b05ae8f410def372a6884b45fd3aa87
SHA1

195439cb6e3011002f9a5671951c2af35587742c
SHA256

8dbf92538852415e7fa2fb125143662073c6c31356b11957e5b39b4077666bbc
SHA512

c92fabbe31e4c0fa8517015731baaf27063186a571910c4d92eb6e3f55816898a2f53365d0ba06f4d6bd392467297d84a10aa740bfcb4c12e627f0fc388b3c19
SSDEEP

24576:Z0drO5rvAhZJMgr+9hZ3XwuwIwoHhyijiQy:Z0d6xvA7JMe+9hZHwIJhyP

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b05ae8f410def372a6884b45fd3aa87

Files

7b05ae8f410def372a6884b45fd3aa87
.dll windows:4 windows x86 arch:x86

861a27ed39e0c084cca50d2e5179ef4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnlockFile
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetTopWindow
MessageBoxA

gdi32

SetWindowExtEx

winmm

midiStreamProperty

winspool.drv

DocumentPropertiesA

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

accept

comdlg32

ChooseColorA

Exports

Exports

??��??��?a��??��
??��??��?a��??��2
RunDllHostCallBack
��???��̦�??��

Sections

.text
Size: - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 924KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

861a27ed39e0c084cca50d2e5179ef4c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 485KB

.rdata Size: - Virtual size: 85KB

.data Size: - Virtual size: 126KB

.rsrc Size: 8KB - Virtual size: 21KB

.vmp0 Size: - Virtual size: 67KB

.vmp1 Size: - Virtual size: 564KB

.tls Size: 4KB - Virtual size: 24B

.vmp2 Size: 924KB - Virtual size: 920KB

.reloc Size: 4KB - Virtual size: 384B

.text
Size: - Virtual size: 485KB

.rdata
Size: - Virtual size: 85KB

.data
Size: - Virtual size: 126KB

.rsrc
Size: 8KB - Virtual size: 21KB

.vmp0
Size: - Virtual size: 67KB

.vmp1
Size: - Virtual size: 564KB

.tls
Size: 4KB - Virtual size: 24B

.vmp2
Size: 924KB - Virtual size: 920KB

.reloc
Size: 4KB - Virtual size: 384B