b49d41e80664f913e7e3f359e1d13817

Sharing

Copy URL

Twitter E-mail

General

Target

b49d41e80664f913e7e3f359e1d13817
Size

5.7MB
MD5

b49d41e80664f913e7e3f359e1d13817
SHA1

cd1e43b8755ca5f0756e4dcf4d627f2ddcdc90d8
SHA256

72111582f545744da1b6a2c82643303a22384375a5646a52fd88998138e4bbd8
SHA512

609ac235ac31144626562aa8df7604293a418ca63fcb244898ee0052a2a35d6874d7219b387126aaf025c72e5d3807421f94d9d25c3690d96c401e6c7417b80e
SSDEEP

98304:jRtilbPNVA8Kz87WvSy+TFXaTfe83yMkY8i9H0jnzF/WY2M3eAKN:ENVA8j7aFjemyO8ih0jzV8MuZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b49d41e80664f913e7e3f359e1d13817

Files

b49d41e80664f913e7e3f359e1d13817
.exe windows:6 windows x64 arch:x64

7aa0100846fa94e1f4fcd58b0a0c102f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

MultiByteToWideChar
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetAsyncKeyState
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegSetValueExA

ntdll

RtlInitUnicodeString

normaliz

IdnToAscii

ws2_32

listen

wldap32

ord301

crypt32

CertOpenStore

wininet

InternetOpenUrlA

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 591KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 647B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7aa0100846fa94e1f4fcd58b0a0c102f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

normaliz

ws2_32

wldap32

crypt32

wininet

wtsapi32

Sections

.text Size: - Virtual size: 591KB

.rdata Size: - Virtual size: 215KB

.data Size: - Virtual size: 232KB

.pdata Size: - Virtual size: 26KB

_RDATA Size: - Virtual size: 244B

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 512B - Virtual size: 208B

.rsrc Size: 1024B - Virtual size: 647B

.text
Size: - Virtual size: 591KB

.rdata
Size: - Virtual size: 215KB

.data
Size: - Virtual size: 232KB

.pdata
Size: - Virtual size: 26KB

_RDATA
Size: - Virtual size: 244B

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 512B - Virtual size: 208B

.rsrc
Size: 1024B - Virtual size: 647B