032bd6c2bdc1146fd2231d0610e073ebcb1158731c9fc7adf2d1943415e8b642

Sharing

Copy URL Twitter E-mail

General

Target

032bd6c2bdc1146fd2231d0610e073ebcb1158731c9fc7adf2d1943415e8b642
Size

210KB
MD5

44577a4d798555f69f94797f323a06a8
SHA1

70e7e6cdde14cdb7d5630fb559848a9d76bbd97a
SHA256

032bd6c2bdc1146fd2231d0610e073ebcb1158731c9fc7adf2d1943415e8b642
SHA512

10a7e1a56532d5d9bd3ee7a08a088c73f82959a0a10ce703793754e1e247870a59bd1511ec5199db27934e560194dd5423f3a13622bee9dd7abc9c36dda875a4
SSDEEP

6144:VHni0tgtM7RIGuxBLptyRLBUWtnlhFQhtU:VHi0t3tuxBLptUF/fQ8

Score

10^/10

vmprotect

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
032bd6c2bdc1146fd2231d0610e073ebcb1158731c9fc7adf2d1943415e8b642

Files

032bd6c2bdc1146fd2231d0610e073ebcb1158731c9fc7adf2d1943415e8b642
.exe windows:4 windows x86 arch:x86

66caf1222d04e7c3999ebbd1d43f4b9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
MessageBoxA

kernel32

HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
ExitProcess
GetFileAttributesA
GetWindowsDirectoryA
GetVersionExA
GetStringTypeA
LCMapStringW
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
GetStringTypeW
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.MaskPE
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

KK
Size: - Virtual size: 520B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66caf1222d04e7c3999ebbd1d43f4b9f

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: - Virtual size: 16KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 162KB

.rsrc Size: 1024B - Virtual size: 1KB

.MaskPE Size: - Virtual size: 1KB

KK Size: - Virtual size: 520B

.vmp0 Size: - Virtual size: 9KB

.vmp1 Size: 208KB - Virtual size: 207KB

.reloc Size: 512B - Virtual size: 88B

.text
Size: - Virtual size: 16KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 162KB

.rsrc
Size: 1024B - Virtual size: 1KB

.MaskPE
Size: - Virtual size: 1KB

KK
Size: - Virtual size: 520B

.vmp0
Size: - Virtual size: 9KB

.vmp1
Size: 208KB - Virtual size: 207KB

.reloc
Size: 512B - Virtual size: 88B