b95f943bf9dc2bc7836695541f8cb00d

Sharing

Copy URL Twitter E-mail

General

Target

b95f943bf9dc2bc7836695541f8cb00d
Size

6.4MB
MD5

b95f943bf9dc2bc7836695541f8cb00d
SHA1

fe33e2e59e4eb8f4b74e8b55ab0a4376194783a5
SHA256

d2d8a4462a5c1c957a4bb1689fcb984e2c259f2f6119faa7cceb5056c487e272
SHA512

4add5a9c185494c6b016adf0657cef3ba387bb732a719df614842f336b76be07443a0e6ef6880668f33fc4d03d321471a5c48f624867666414c7228cedc76b60
SSDEEP

98304:woGTXS3mMCHNUtW0rsOdOMuuw0fq/NTr0QD5vZ9J1D6pZ9cx/uOLgej0i:3mS2MCWs0IOluKfkV0o9J1qcHLgejj

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b95f943bf9dc2bc7836695541f8cb00d

Files

b95f943bf9dc2bc7836695541f8cb00d
.exe windows:6 windows x64 arch:x64

5216a79d41142f201636ca21a3fecfa9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

FindWindowW
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

SystemFunction036

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

wininet

HttpSendRequestW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5216a79d41142f201636ca21a3fecfa9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

wininet

wtsapi32

Sections

.text Size: - Virtual size: 367KB

.rdata Size: - Virtual size: 135KB

.data Size: - Virtual size: 12KB

.pdata Size: - Virtual size: 13KB

_RDATA Size: - Virtual size: 148B

.vmp0 Size: - Virtual size: 4.4MB

.vmp1 Size: 6.4MB - Virtual size: 6.4MB

.reloc Size: 512B - Virtual size: 180B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 367KB

.rdata
Size: - Virtual size: 135KB

.data
Size: - Virtual size: 12KB

.pdata
Size: - Virtual size: 13KB

_RDATA
Size: - Virtual size: 148B

.vmp0
Size: - Virtual size: 4.4MB

.vmp1
Size: 6.4MB - Virtual size: 6.4MB

.reloc
Size: 512B - Virtual size: 180B

.rsrc
Size: 512B - Virtual size: 480B