b98d94114ebf867cb018283afe411d14

Sharing

Copy URL Twitter E-mail

General

Target

b98d94114ebf867cb018283afe411d14
Size

1.9MB
MD5

b98d94114ebf867cb018283afe411d14
SHA1

7147947b9c93eaae2627b71c0562d6a46ca158b8
SHA256

e3733c96fe9defe08e4b619146765b61764a2ca6836a0a04a6f38d967af4fbfc
SHA512

eccce9a748cd155ae86b4ac17ad45a2fcbd804664717b00673b474dc59f676c4ffc231c6cddd80efeb104754dd53ffff46410914658fdbb3f5f063cd335fddb9
SSDEEP

49152:6XK0/lEvYTrrx7D3kJA2A0HD3uTR+p/oRiSo:6fR/rxneA8D32ApARiSo

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/վӰƬV2.0ѹ/վӰƬV2.0..exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/վӰƬV2.0ѹ/վӰƬV2.0..exe

Files

b98d94114ebf867cb018283afe411d14
.zip
վӰƬV2.0ѹ/2.0.png
.png
վӰƬV2.0ѹ/ʳý̳.txt
վӰƬV2.0ѹ/վӰƬV2.0..exe
.exe windows:5 windows x86 arch:x86

49be0c57e466291f6cb65796aee0f932

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

winmm

midiStreamOpen

ws2_32

recvfrom

kernel32

VirtualAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics

gdi32

TextOutA

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

ShellExecuteA

ole32

OleUninitialize

oleaut32

SafeArrayGetUBound

comctl32

ImageList_SetBkColor

wininet

InternetCloseHandle

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 854KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
վӰƬV2.0ѹ/.txt

Sharing

General

Malware Config

Signatures

Files

49be0c57e466291f6cb65796aee0f932

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 779KB

.rdata Size: - Virtual size: 224KB

.data Size: - Virtual size: 402KB

.vmp0 Size: - Virtual size: 854KB

.vmp1 Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: - Virtual size: 779KB

.rdata
Size: - Virtual size: 224KB

.data
Size: - Virtual size: 402KB

.vmp0
Size: - Virtual size: 854KB

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 20KB - Virtual size: 19KB