7873e8b30c490748eff3b5165bd85ca6f430358a5f549c43129a8c6e4002f073 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7873e8b30c490748eff3b5165bd85ca6f430358a5f549c43129a8c6e4002f073
Size

740KB
MD5

f6a70358bf69fdcc7af53dcfddb666de
SHA1

cd83d56898de3e1af999679dce9b2755a287d6ff
SHA256

7873e8b30c490748eff3b5165bd85ca6f430358a5f549c43129a8c6e4002f073
SHA512

c5f23e9670278df6607c3fd1c8c0aafd5593dc1d2fa140f7186e8d60ad3e2c1b42ceec028865d118f59e79295ac8196e8ff5cadfae37ef302b6286c409cd3f17
SSDEEP

12288:/57FS2wP5Nrd0SNcZlifGW5Fi7rKjzoS8x95Jrn4F57nmIF5ShORoQWI51E67+:/dE2wP5NZ0SYQ+4FaKGxN4jndF5SmojT

Score

10^/10

vmprotect

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7873e8b30c490748eff3b5165bd85ca6f430358a5f549c43129a8c6e4002f073

Files

7873e8b30c490748eff3b5165bd85ca6f430358a5f549c43129a8c6e4002f073
.exe windows:5 windows x86 arch:x86

1c644317983f8967679b8d10d729e18d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strcspn

ws2_32

setsockopt

mfc42

ord800

kernel32

GetVersionExA
GetOEMCP
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetLastInputInfo

advapi32

UnlockServiceDatabase

shell32

SHGetSpecialFolderPathA

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState

Sections

.text
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE