97afafb302b07cdf53045a38e78f311b

Sharing

Copy URL Twitter E-mail

General

Target

97afafb302b07cdf53045a38e78f311b
Size

50KB
MD5

97afafb302b07cdf53045a38e78f311b
SHA1

b9274a4494d7e01b5dd7d045b42f28c1766b7ecb
SHA256

cffe7f6ed7e43330b035d0694489455a7cbe18bd2a03515713d1fb588fea2e97
SHA512

a0a97b3bfd0d0b458f9650978cdc91ca86630d53ebbf717025bb362a7584a60d15f4ce45ce6853236be365a636ba6bfb989e2b309e1140188ddcbfc9febb67fa
SSDEEP

384:wjZmN150QeCVrySpUTI7deGqI18u2CJlW8HLf2qjiHeX23hKt5AdQenIGLpGx2p:wjZSj0aV2KEGqI18upBHDFieiwt5EIwL

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97afafb302b07cdf53045a38e78f311b

Files

97afafb302b07cdf53045a38e78f311b
.dll windows:4 windows x86 arch:x86

22d25d9797429b2882b194856313951e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
WriteFile
CreateFileA
lstrcmpiA
GetModuleFileNameA
DisableThreadLibraryCalls
CreateThread
SetFileTime
GetFileTime
GetEnvironmentVariableA
Sleep
DeleteFileA
FreeLibraryAndExitThread
ExitProcess
WaitForSingleObject
GetProcAddress
lstrcmpA
ReadFile
SetFilePointer
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
CreateProcessA
GetSystemDirectoryA
GetStartupInfoA
VirtualFreeEx
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenW
MultiByteToWideChar
GetCurrentProcess
lstrcpyA
FreeLibrary
CreateEventA
LoadLibraryA

user32

wsprintfA
WaitForInputIdle

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetSetOptionA
InternetCloseHandle
InternetOpenUrlA

msvcrt

??2@YAPAXI@Z
_adjust_fdiv
malloc
_initterm
free
_except_handler3
memcpy
strchr
memset
??3@YAXPAX@Z
__CxxFrameHandler
_EH_prolog

Exports

Exports

DoWorkEx
DoWorkWl

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22d25d9797429b2882b194856313951e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

Shared Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 678B

.vmp0 Size: 16KB - Virtual size: 12KB

.vmp1 Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

Shared
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 678B

.vmp0
Size: 16KB - Virtual size: 12KB

.vmp1
Size: 4KB - Virtual size: 1KB