8b0ec378be2e173b7bc54504eb2c55fe

Sharing

Copy URL Twitter E-mail

General

Target

8b0ec378be2e173b7bc54504eb2c55fe
Size

217KB
MD5

8b0ec378be2e173b7bc54504eb2c55fe
SHA1

6e276e8ca80873484379ab71ca9b5564bfbf5a8e
SHA256

16a27f781370158832eabd1866c4cc3350609405c6386bdc0f929fa6d51e6014
SHA512

81d1873a32b9e3b030177e003793ab568c7d6e44a9a24016278adafedceb0f74ccac1ae19fce2344e1cb0827a204a31aa1af12b0d0a4fa5848c3e2e757fcfad8
SSDEEP

6144:2B0RKvm0IfoyECBfyt6KHOfnk1Q6qizPYWaG4awnj8:2ByKvmpoxcfyt6hsvRzPYn9hj8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b0ec378be2e173b7bc54504eb2c55fe

Files

8b0ec378be2e173b7bc54504eb2c55fe
.dll windows:4 windows x86 arch:x86

a898ffaf2b98400b439596aedd5849fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2446

msvcrt

srand

kernel32

GetCurrentProcess
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

EnableWindow

Exports

Exports

OsThunkD3dContextCreate
OsThunkD3dContextDestroy
OsThunkD3dContextDestroyAll
OsThunkD3dDrawPrimitives2
OsThunkD3dValidateTextureStageState
OsThunkDdAddAttachedSurface
OsThunkDdAlphaBlt
OsThunkDdAttachSurface
OsThunkDdBeginMoCompFrame
OsThunkDdBlt
OsThunkDdCanCreateD3DBuffer
OsThunkDdCanCreateSurface
OsThunkDdColorControl
OsThunkDdCreateD3DBuffer
OsThunkDdCreateDirectDrawObject
OsThunkDdCreateMoComp
OsThunkDdCreateSurface
OsThunkDdCreateSurfaceEx
OsThunkDdCreateSurfaceObject
OsThunkDdDeleteDirectDrawObject
OsThunkDdDeleteSurfaceObject
OsThunkDdDestroyD3DBuffer
OsThunkDdDestroyMoComp
OsThunkDdDestroySurface
OsThunkDdEndMoCompFrame
OsThunkDdFlip
OsThunkDdFlipToGDISurface
OsThunkDdGetAvailDriverMemory
OsThunkDdGetBltStatus
OsThunkDdGetDC
OsThunkDdGetDriverInfo
OsThunkDdGetDriverState
OsThunkDdGetDxHandle
OsThunkDdGetFlipStatus
OsThunkDdGetInternalMoCompInfo
OsThunkDdGetMoCompBuffInfo
OsThunkDdGetMoCompFormats
OsThunkDdGetMoCompGuids
OsThunkDdGetScanLine
OsThunkDdLock
OsThunkDdLockD3D
OsThunkDdQueryDirectDrawObject
OsThunkDdQueryMoCompStatus
OsThunkDdReenableDirectDrawObject
OsThunkDdReleaseDC
OsThunkDdRenderMoComp
OsThunkDdResetVisrgn
OsThunkDdSetColorKey
OsThunkDdSetExclusiveMode
OsThunkDdSetGammaRamp
OsThunkDdSetOverlayPosition
OsThunkDdUnattachSurface
OsThunkDdUnlock
OsThunkDdUnlockD3D
OsThunkDdUpdateOverlay
OsThunkDdWaitForVerticalBlank

Sections

.text
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp3
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 958B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a898ffaf2b98400b439596aedd5849fc

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 10KB

.rdata Size: - Virtual size: 5KB

.data Size: - Virtual size: 7KB

.vmp1 Size: 4KB - Virtual size: 968B

.vmp0 Size: - Virtual size: 1KB

.vmp2 Size: - Virtual size: 146KB

.vmp3 Size: 200KB - Virtual size: 196KB

.reloc Size: 4KB - Virtual size: 172B

.rsrc Size: 4KB - Virtual size: 958B

.text
Size: - Virtual size: 10KB

.rdata
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 7KB

.vmp1
Size: 4KB - Virtual size: 968B

.vmp0
Size: - Virtual size: 1KB

.vmp2
Size: - Virtual size: 146KB

.vmp3
Size: 200KB - Virtual size: 196KB

.reloc
Size: 4KB - Virtual size: 172B

.rsrc
Size: 4KB - Virtual size: 958B