db3bf56bc1fc4941b3c79915c80ed63aba3d0dcf7de73da8a63267fd14ebd25f | Triage

Sharing

General

Target

db3bf56bc1fc4941b3c79915c80ed63aba3d0dcf7de73da8a63267fd14ebd25f
Size

47KB
MD5

e2a72be5c06661668746ded826b56f77
SHA1

a2c46e442cef13c1c317d4de9416fc3b4b850222
SHA256

db3bf56bc1fc4941b3c79915c80ed63aba3d0dcf7de73da8a63267fd14ebd25f
SHA512

8782570151a392c11cc118e5c1fa2b1d2670079273424b30a3fee2b004ca6ad1603ab4a9df12fbca67d2bc2762ad92f520dd7a8f8738c6adb6685af22e033032
SSDEEP

768:w0VhtAfwHimao51vD6VHypXI0LdWfQqzNWNLP9T0BBAlLlSyDt+eoYRk:w0hAW1iqdWNzI5Pd4CSyDt+iRk

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db3bf56bc1fc4941b3c79915c80ed63aba3d0dcf7de73da8a63267fd14ebd25f

Files

db3bf56bc1fc4941b3c79915c80ed63aba3d0dcf7de73da8a63267fd14ebd25f
.exe windows:4 windows x86 arch:x86

3692d664d063c430bc70000eda71cfd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
CreateProcessA
Sleep
WaitForSingleObject
ReleaseMutex
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
CloseHandle
GetModuleFileNameA
GetCurrentDirectoryA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
GetTickCount
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
OpenMutexA
IsBadReadPtr
SetConsoleTitleA

user32

PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetMessageA

msvcrt

rand
tolower
??3@YAXPAX@Z
srand
strrchr
_ftol
strchr
atoi
memmove
malloc
free
fclose
fread
rewind
ftell
fseek
fopen
fwrite

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ