1433ebc678d9a1c25b7ac94ea55132e1ebbe7c18454a1c6772b34a90953a653d

Sharing

Copy URL Twitter E-mail

General

Target

1433ebc678d9a1c25b7ac94ea55132e1ebbe7c18454a1c6772b34a90953a653d
Size

5.8MB
MD5

e0dd9e857bc0f1b2bd3eabc33a88a6b2
SHA1

48ed7baed1a4664f50298c7c3cee9a3df26b68ef
SHA256

1433ebc678d9a1c25b7ac94ea55132e1ebbe7c18454a1c6772b34a90953a653d
SHA512

412bdf9f677c46a02af514ec4cd20618a07a776bc36f55145bd9754539a3658418dce02a1bcde096456275586d81967a46170d78d73e191602fdebd8bc512131
SSDEEP

98304:E+wHht1Gt88A5CY4fvBTWQ2pD+AIHjHVY6whYcPMebwr6:3wHz1p8A5CNepHIHhY6CYIMXr6

Score

10^/10

vmprotect

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1433ebc678d9a1c25b7ac94ea55132e1ebbe7c18454a1c6772b34a90953a653d

Files

1433ebc678d9a1c25b7ac94ea55132e1ebbe7c18454a1c6772b34a90953a653d
.dll windows:6 windows x64 arch:x64

c3315b1898e830124ff66284a01a8e0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

LoadCursorA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegQueryValueExW

shell32

SHGetFolderPathW

winmm

timeGetTime

msvcp140

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

imm32

ImmReleaseContext

vcruntime140

__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-runtime-l1-1-0

_errno

api-ms-win-crt-stdio-l1-1-0

fgetc

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-math-l1-1-0

_ldtest

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

wtsapi32

WTSSendMessageW

Exports

Exports

?WndProcHandlerRegister@@YAXP6AXI_K_J@Z@Z
?WndProcHandlerUnregister@@YAXP6AXI_K_J@Z@Z
?changeScriptThread@@YAXI@Z
?createTexture@@YAHPEBD@Z
?drawTexture@@YAXHHHHMMMMMMMMMMMM@Z
?getGameVersion@@YA?AW4eGameVersion@@XZ
?getGlobalPtr@@YAPEA_KH@Z
?getScriptHandleBaseAddress@@YAPEAEH@Z
?keyboardHandlerRegister@@YAXP6AXKGEHHHH@Z@Z
?keyboardHandlerUnregister@@YAXP6AXKGEHHHH@Z@Z
?nativeCall@@YAPEA_KXZ
?nativeInit@@YAX_K@Z
?nativePush64@@YAX_K@Z
?presentCallbackRegister@@YAXP6AXPEAX@Z@Z
?presentCallbackUnregister@@YAXP6AXPEAX@Z@Z
?registerRawStreamingFile@@YAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?scriptRegister@@YAXPEAUHINSTANCE__@@P6AXXZ@Z
?scriptRegisterAdditionalThread@@YAXPEAUHINSTANCE__@@P6AXXZ@Z
?scriptUnregister@@YAXP6AXXZ@Z
?scriptUnregister@@YAXPEAUHINSTANCE__@@@Z
?scriptWait@@YAXK@Z
?worldGetAllObjects@@YAHPEAHH@Z
?worldGetAllPeds@@YAHPEAHH@Z
?worldGetAllPickups@@YAHPEAHH@Z
?worldGetAllVehicles@@YAHPEAHH@Z

Sections

.text
Size: - Virtual size: 857KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3315b1898e830124ff66284a01a8e0d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

winmm

msvcp140

imm32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 857KB

.rdata Size: - Virtual size: 314KB

.data Size: - Virtual size: 426KB

.pdata Size: - Virtual size: 26KB

.vmp0 Size: - Virtual size: 3.5MB

.vmp1 Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 512B - Virtual size: 176B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 857KB

.rdata
Size: - Virtual size: 314KB

.data
Size: - Virtual size: 426KB

.pdata
Size: - Virtual size: 26KB

.vmp0
Size: - Virtual size: 3.5MB

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 512B - Virtual size: 176B

.rsrc
Size: 512B - Virtual size: 469B