43b16597d9fb301c20fcefc5461bb76ea83f14f945ee7b7a324cbeba19ddaad4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43b16597d9fb301c20fcefc5461bb76ea83f14f945ee7b7a324cbeba19ddaad4
Size

5.4MB
MD5

2c78ce536a0052a7c0be533f8556222e
SHA1

c3f8dd4fb3839e652b65de49477f6f5ca2005f33
SHA256

43b16597d9fb301c20fcefc5461bb76ea83f14f945ee7b7a324cbeba19ddaad4
SHA512

4cc8525ecca31c120e76e39cfd24bfcec977eaae6d199c275e743e4d969d5f635bf2a6635d9d9de7e70e2d8009ffa6ae1884ec47da63f6064e794567b8369864
SSDEEP

98304:2D73GmV0BaQKG4naNKRdOL9uxCY+bNnbeXFJrTNVOMGVbgBOgPOk0ajW:MbV0FGRW9ICY+MFdN0V0QR

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43b16597d9fb301c20fcefc5461bb76ea83f14f945ee7b7a324cbeba19ddaad4

Files

43b16597d9fb301c20fcefc5461bb76ea83f14f945ee7b7a324cbeba19ddaad4
.dll windows:5 windows x86 arch:x86

f9b1cb0141167091e3376fff132c8b73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

SHGetFolderPathW

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

OnInitFuc

Sections

.text
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ