bb8e202bf149c8336e4d05d56340e966

Sharing

Copy URL Twitter E-mail

General

Target

bb8e202bf149c8336e4d05d56340e966
Size

59KB
MD5

bb8e202bf149c8336e4d05d56340e966
SHA1

050193b8473375418e5289b3acdd929c7aa258a4
SHA256

e79fb28dfdc6c31a87a065be4b4f295d2b55e595603898553b49219974f5e22c
SHA512

3d56d72f20ddb7184b4896f8e73bcc01b386561d66698e5baa0e07329f78c45efe89012c2746de2d1d0487c5b0f0df634ab61224ef5f27b0a99ea539cfbf1e6b
SSDEEP

768:NnDg+87Z1ulWuN8YK8daObzCajXpKwAi8TW2ZXnupRm4lz6V1EAFAx7n2/nD3oQM:NkTugYXHCar0wr8DCm4lz6cnx2bzNi

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb8e202bf149c8336e4d05d56340e966

Files

bb8e202bf149c8336e4d05d56340e966
.exe windows:4 windows x86 arch:x86

7bc53e0880fa01d1192e6dbbc9413be7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2915
ord1158
ord540
ord860
ord535
ord858
ord800
ord823
ord825

msvcrt

_initterm
sprintf
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
strncpy
_controlfp
__CxxFrameHandler
exit
strstr
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
srand
strcspn
printf
strncmp
rand
malloc

kernel32

GetTickCount
WriteFile
CreateFileA
GetFileSize
CreateThread
lstrcpyA
GlobalMemoryStatus
GetVersionExA
GetModuleHandleA
GetCurrentProcessId
GetProcessHeap
HeapAlloc
InterlockedExchange
GetModuleFileNameA
GetWindowsDirectoryA
Sleep
ReadFile
CreateProcessA
GetStartupInfoA
CloseHandle
FindClose
FindNextFileA
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
DeleteFileA
CopyFileA
MoveFileA
FreeLibrary
GetProcAddress
LoadLibraryA
WinExec
GetCurrentProcess
GetComputerNameA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

ExitWindowsEx
wsprintfA
MessageBoxA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteA
SHGetFileInfoA

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

msvcirt

??6ostream@@QAEAAV0@H@Z
?cout@@3Vostream_withassign@@A
?endl@@YAAAVostream@@AAV1@@Z

avicap32

capGetDriverDescriptionA

ws2_32

setsockopt
send
recv
gethostbyname
inet_addr
WSAStartup
closesocket
connect
socket
htons
shutdown
sendto
WSASocketA
gethostname
inet_ntoa
WSAIoctl

Sections

.text
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bc53e0880fa01d1192e6dbbc9413be7

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

msvcp60

msvcirt

avicap32

ws2_32

Sections

.text Size: - Virtual size: 31KB

.rdata Size: - Virtual size: 13KB

.data Size: - Virtual size: 7KB

.vmp0 Size: - Virtual size: 10KB

.vmp1 Size: 58KB - Virtual size: 57KB

.reloc Size: 512B - Virtual size: 76B

.text
Size: - Virtual size: 31KB

.rdata
Size: - Virtual size: 13KB

.data
Size: - Virtual size: 7KB

.vmp0
Size: - Virtual size: 10KB

.vmp1
Size: 58KB - Virtual size: 57KB

.reloc
Size: 512B - Virtual size: 76B