8efcf1b53e659ad1cb2b59179b447f18

Sharing

Copy URL

Twitter E-mail

General

Target

8efcf1b53e659ad1cb2b59179b447f18
Size

1.5MB
MD5

8efcf1b53e659ad1cb2b59179b447f18
SHA1

b5fbca7d35d9f58c69bd742959da94a11bd13941
SHA256

9e797fa163a36f59dd5a5b4e38ddd7e83142e5e4e8f3d2719236cdfb7b5eb90f
SHA512

d64acea7669ff40a84c32e834201743f6a44e4f33b4c0e39426cb3c39e977114d4c856d84312e80487b8ccbc10a5545049162b115abae4bca7a1289dc1a90abf
SSDEEP

24576:i31YOjN9qtf/Bfj5Xx41tOrvN+ZWp4FdwoIXauQGIKXENBM16QuEEgAka1y:U9etB9S7ykK46XV2BM1huElJaI

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8efcf1b53e659ad1cb2b59179b447f18

Files

8efcf1b53e659ad1cb2b59179b447f18
.dll windows:4 windows x86 arch:x86

14c0b04604cd7754f5f15dd6eab66b62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetShellWindow

advapi32

SetSecurityDescriptorDacl

shell32

SHGetSpecialFolderPathA

msvcrt

sprintf

version

GetFileVersionInfoA

ws2_32

setsockopt

shlwapi

PathFileExistsA

psapi

GetModuleBaseNameA

iphlpapi

SendARP

Sections

.text
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 191B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14c0b04604cd7754f5f15dd6eab66b62

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

version

ws2_32

shlwapi

psapi

iphlpapi

Sections

.text Size: - Virtual size: 77KB

.rdata Size: - Virtual size: 10KB

.data Size: - Virtual size: 1.2MB

.vmp0 Size: - Virtual size: 198KB

.vmp1 Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 4KB - Virtual size: 192B

.rsrc Size: 4KB - Virtual size: 191B

.text
Size: - Virtual size: 77KB

.rdata
Size: - Virtual size: 10KB

.data
Size: - Virtual size: 1.2MB

.vmp0
Size: - Virtual size: 198KB

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 4KB - Virtual size: 192B

.rsrc
Size: 4KB - Virtual size: 191B