VRGreenLoader_1[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

VRGreenLoader_1.exe
Size

5.7MB
MD5

a0b018a561d5f9fe66bde4a2a7f99f40
SHA1

3c220679afd0c762d37fbef881c843c1aca80c3e
SHA256

70db6a5f61b011198df0bea814f960321930e054d8a4ebc1685fe35b8c97c68d
SHA512

a25727a65af03bd9581036c1fa6472279a51a5c7c4d326a35bff6d41062731610d3352542164e8222a7916fbbe2db0032d060b0fde06d3dcc32ba73a4cb11caf
SSDEEP

98304:vivc9Rz8blbfoRxhoM5hAnmwbe1FniqjaSbUw7hji9AALPwsHHGo0MJ8:6U9xAlkD+nXwVgSbTd2vHHcMJ8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VRGreenLoader_1.exe

Files

VRGreenLoader_1.exe
.exe windows:6 windows x64 arch:x64

Password: sdfsdf

5c838480edddc52bffb2f47cefb3b16b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeviceIoControl
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

UnhookWindowsHookEx
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

shell32

ShellExecuteW

ws2_32

getaddrinfo

ntdll

RtlCaptureContext

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: sdfsdf

5c838480edddc52bffb2f47cefb3b16b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

ntdll

wtsapi32

Sections

.text Size: - Virtual size: 233KB

.rdata Size: - Virtual size: 83KB

.data Size: - Virtual size: 280KB

.pdata Size: - Virtual size: 10KB

_RDATA Size: - Virtual size: 348B

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 5.5MB - Virtual size: 5.5MB

.reloc Size: 512B - Virtual size: 192B

.rsrc Size: 186KB - Virtual size: 185KB

.text
Size: - Virtual size: 233KB

.rdata
Size: - Virtual size: 83KB

.data
Size: - Virtual size: 280KB

.pdata
Size: - Virtual size: 10KB

_RDATA
Size: - Virtual size: 348B

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

.reloc
Size: 512B - Virtual size: 192B

.rsrc
Size: 186KB - Virtual size: 185KB