d64acd447bf7f3a5ad3909bd9ab00a0a

Sharing

Copy URL

Twitter E-mail

General

Target

d64acd447bf7f3a5ad3909bd9ab00a0a
Size

2.9MB
MD5

d64acd447bf7f3a5ad3909bd9ab00a0a
SHA1

90320e8a5b491ad15d23af4fc74e9175cf0bb387
SHA256

69e325d32bf8d64553277c3336cffc5227cf93b8e16d104b43d1b9989dd0c8a2
SHA512

c6771d2e2892f7b7f90ff571ca2d04c27ad227853467f5dd9d719d6cb4001de86348196d4a7bf5888f8cc4eb7d9882ea7a39fec7fa3807c9601b22f4ac5de5e8
SSDEEP

49152:H7AvGFkgPmuW0FeddcYE/p/dhCS5lPgOGZpW8Vc7wOpaBAW7+2PSZPvzi/lB4YFQ:7PkXjcYE/ddhr3cOMBz7PPiHzcT4A5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d64acd447bf7f3a5ad3909bd9ab00a0a

Files

d64acd447bf7f3a5ad3909bd9ab00a0a
.exe windows:6 windows x86 arch:x86

126d18b9c36e4f76851a2ecbe37e4f3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Thread32Next
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

ws2_32

socket

vcruntime140

__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-heap-l1-1-0

realloc

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-stdio-l1-1-0

_fseeki64

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

CharUpperBuffW

Exports

Exports

0�s� H6��:-��bX�sS�:L.��caX!��ԙj*�:��IT��ͥ�U��P��Jw��q�]��09�� ;��Տ�|�Դ6��?_�z�3�~!5?�ݟ��>�锅a:��2��uv-uj�K|�&ȧ�zO�0u�g2��0S+>m�,�Zୋ��r%��F<��3�C=z�B�Pxx��B=Q��-X�\N�� "2PlÕ�� xt��i ��7��X�Bo��1��&��T�+Ɠ� �e��E��efLkF��*BHn3��Qa�q�oz�- �1�!�.E/��E��FNO��thu~��|�M�ZuKIV޴��'\EeP�5*:�!F��~��&��dlL{V��6#;>F��m��M�JK)�i��Ty&5S��˘��c#J��y[�-� ��S>x�98y��͵Fw�D�#o�k��.��4䌏£�r#�)�X��yh9C'X��c�� h��Bѝ�bżf��%.z�>ʹ��^y;H,��n��Prmp9��.�%ä�f��T_/m�l�Ls��~��W��6��9��7:ʖ[�e�=�i��/d�� O)X�_Bi^ָJ�d�A��ɭY��̥M�~|^uE��9�CF�囒�M�[�˒H��L��gsVSɮ��bBZ�<u'��̞��l��zA ��:��u��\/#��D��˺�6t��c&;��I��#�["�q�O�2=�J��\�I��h}x�0Lv��=HA��'��=��#�s�d�w��kH�=�z��,5�M��Pd_�x}0(��M��N��eZf��ݭ��eX � o�aG��p(��)�mŢ��qh`W��bE�2��w�/��͑��{T��+�)@��|��z��[�"�ϸ��{��ӿC�#?�Qz�=0LF��WF��|��n�K��"wЌz�)bْ��i�m�J��䗑vs�m�~�H[0y�{U��QmGgD��=�t�� R^�(��N;��7��c�Կ� K��?��ȶ'pDwZ�i��[3C��8Z;�� '�c��!��\��i�"(�� k`��[�n쎒:q�x�N��ӖȕYe0�]��2��ȉ#��4��%�~�G8�5e�[��?39��9Z(`��<+q��޵�=��#T}��R2L��G)��|��R��<d�y[��K�C �i�E�(1e e�� S� ʅ�v��o݅Ņ��S�W��| fC�w�)�7�v�� +��H��U��٩!e��?QW��G��˴1P��تcL�K �?=�c��+��̈5��9�1�qG�#:8"=붏��gH�-�GPT�^��[��D"��1��; Mg�2�@��M/� $��h��S�(�\Ȧg��PS��}7gN�,,��3'*��ܡX��i*��'�x�Ъ��gv�/�|#?��MR�Ө�)��&os`��7�uz$�a�ӖVr>x��//>f�1rtQlu}��@4��Ua=��2W�=zҮ�p��%7�rl)��n��vc��rbt(q��n�4ǡ9��^9��BH��-̃|�y��Q[��n,X��&��9�ɑ{�kr�d�;7��7�>a�({'�b��_8��9-I��Q/cMfA1��5�q��5��=~�Cg��yK�}�] dHg'�-t��k��5V��Ukc��<�ď9�lXgq"ox�;je�R_蝄�v:���?�j2��$��J�O��=��]Ƙ��F�YM�k�s\��(M�VW��F/۫O��U��b�y�sm�5�.'�ݧ��C��LC�Ꭸ��1d��5�,>�n}ԥtHF&��fԺ[s] !��~�. ��L\�tN2a��BW��1�#w�&�F��:;6�H6�T3�}��d�;�wRP�"��{ C�t��s5��l zs:d��ٻT��W�<4"~A; N[�y4��PH7��z�ʸa�l�gQ��L�=ꘒ��ȷW7X��3�/2e�y��`�g��C5��KK�Y慆��8�yԄ��!��'�� b��R_��r<��}��} �I��,�mX��:W��`�:�Y� ?ऎ�O��W��y��InF�TtBzӫHE��>G�O��8E+ϫ(h��z>�C�� z,��c��\��P\�4*1xh��:��uPX�O�X�͒=ڂv�MgE�i��ma"%j��IoP��<]t��v��7�,|�Y��mӱm��V9D|%��!��6��E��2�G_��F"�+�I��([�Q��żU3y{�u�� d�ג$|3�/Ӭ��e��!��Le��Y��S�9B��\&��"Bk*�t�ň�"�ӾvZ��hm��S��C��I�\d��D�Dz�Ǡ�m��7��b��J�C��D��2��H��dM�{��>�6�6��#�:��ဘ��CU�K��s�xu6� ��c��dߋ�L�r��_eAC��%�U)e�'��d��4��W�(��LYtBA��sJ�q�}��h��-`?�7ʭ�]�L/��c=�w� eAԥ�O�o�P��h�ە��ι��g��J��#��L��4z ��Ή�i4m_�W�}�=ձ\ԁ i�q΂�%��끏�\�60�V� ԛ��(��VvSL��==�w`̥��:��B�̽�P��'��qL�9njk��x+�~��S�&<��5�e��-F�A|#*�D:�Y�:.`��o7�m�F��U!��8��{&��72�ڑ��}AR s+�Քy�Ҕ?�L�A�n�>ir�wn2��h"��:��v�9�Z�iOZ�m��Vxn}��oI��6?

Sections

.text
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

126d18b9c36e4f76851a2ecbe37e4f3e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

ws2_32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

Exports

Exports

Sections

.text Size: - Virtual size: 110KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: - Virtual size: 2KB

.vmp0 Size: - Virtual size: 2.8MB

.vmp1 Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 512B - Virtual size: 416B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 110KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: - Virtual size: 2KB

.vmp0
Size: - Virtual size: 2.8MB

.vmp1
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 512B - Virtual size: 416B

.rsrc
Size: 512B - Virtual size: 480B