a922a7f42acbc6f4473f26947a7c59b36b48e9d20e067d80508d10f324ff9797

Sharing

Copy URL Twitter E-mail

General

Target

a922a7f42acbc6f4473f26947a7c59b36b48e9d20e067d80508d10f324ff9797
Size

8.3MB
MD5

4ca90e30b401aa46a535bb8ec5fabc4d
SHA1

9f574496f937444ff48b617d71dddb63eae378cc
SHA256

a922a7f42acbc6f4473f26947a7c59b36b48e9d20e067d80508d10f324ff9797
SHA512

658ffe367aba80ece502e4d51db7691c1a687892b8b8a2b816c898017d3999178c53f32f424ae737d5386723d8ff5ae4a1636d2a728ce9903ad656a2b82e334a
SSDEEP

196608:19Evket6dk+osDkcTUWfeWjtm9J9vScD5fXP0CvvxzX:19Evk/dvTUFWjtVc5fX1vxz

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a922a7f42acbc6f4473f26947a7c59b36b48e9d20e067d80508d10f324ff9797

Files

a922a7f42acbc6f4473f26947a7c59b36b48e9d20e067d80508d10f324ff9797
.exe windows:5 windows x86 arch:x86

ccc5177317d53c5f50d72095f57af95a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowTextA
CharUpperBuffW

advapi32

CreateServiceA
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

psapi

GetProcessImageFileNameA

shlwapi

PathFindExtensionA

gdiplus

GdipDisposeImage

atl

ord42

ole32

CoUninitialize

iphlpapi

GetAdaptersInfo

wininet

HttpOpenRequestA

dbghelp

MakeSureDirectoryPathExists

shell32

DragAcceptFiles

gdi32

SetTextColor

msvcrt

_stricmp

ws2_32

gethostname

oleaut32

SysFreeString

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 749KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccc5177317d53c5f50d72095f57af95a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

psapi

shlwapi

gdiplus

atl

ole32

iphlpapi

wininet

dbghelp

shell32

gdi32

msvcrt

ws2_32

oleaut32

wtsapi32

Sections

.text Size: - Virtual size: 749KB

.rdata Size: - Virtual size: 13KB

.data Size: - Virtual size: 1.2MB

.vmp0 Size: - Virtual size: 7.0MB

.vmp1 Size: 8.3MB - Virtual size: 8.3MB

.reloc Size: 512B - Virtual size: 256B

.text
Size: - Virtual size: 749KB

.rdata
Size: - Virtual size: 13KB

.data
Size: - Virtual size: 1.2MB

.vmp0
Size: - Virtual size: 7.0MB

.vmp1
Size: 8.3MB - Virtual size: 8.3MB

.reloc
Size: 512B - Virtual size: 256B