fb0e68971fc87ca5f09595199ded38bc1f99d1954b92862baf7a888b269a2f46

General

Target

fb0e68971fc87ca5f09595199ded38bc1f99d1954b92862baf7a888b269a2f46
Size

204KB
MD5

ce25c06a5ded94fd3602ea7d0b2068f8
SHA1

f97690000cc3a5e1e20020f58fd68be39ffe071c
SHA256

fb0e68971fc87ca5f09595199ded38bc1f99d1954b92862baf7a888b269a2f46
SHA512

8da5a30e23966a8dd5b8d1379767d4c2a360c0b0befff53f6a01011cce70d4109886dd7e25fae777b782f46d9f540f1919f65378f7a223d683424c70250afbc4
SSDEEP

3072:Trewx2yGwF7Zet/AlbY/9TdtV7OAO571dcr29JZszB:157ZZlbHlpkB

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb0e68971fc87ca5f09595199ded38bc1f99d1954b92862baf7a888b269a2f46

Files

fb0e68971fc87ca5f09595199ded38bc1f99d1954b92862baf7a888b269a2f46
.exe windows:4 windows x86 arch:x86

df63dcf0a8a2cd7fffb003d5b808bdea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CloseHandle
CreateFileA
OutputDebugStringA
GetTempPathA
LoadLibraryA
SetFilePointer
WriteFile
CreateProcessA
lstrcmpiA
GetVersionExA
GetModuleHandleA
GetProcAddress
GetTickCount
lstrlenA
GetSystemTime
GetModuleFileNameA
LCMapStringA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetLastError
LCMapStringW

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

ws2_32

send
recv
WSAStartup
gethostbyname
socket
htons
inet_addr
connect

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df63dcf0a8a2cd7fffb003d5b808bdea

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 16KB - Virtual size: 24KB

.vmp0 Size: 56KB - Virtual size: 55KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 24KB

.vmp0
Size: 56KB - Virtual size: 55KB

.rsrc
Size: 4KB - Virtual size: 1KB