ac668abf208e03a11e29cc9cabdb5f80ec57f2a76a9539efe6f664b3d99b73e4

Sharing

Copy URL Twitter E-mail

General

Target

ac668abf208e03a11e29cc9cabdb5f80ec57f2a76a9539efe6f664b3d99b73e4
Size

2.3MB
MD5

62046fd940286d7ea69325c18479e3df
SHA1

6ffe30269be222445c0991a9243447e3e3a7192f
SHA256

ac668abf208e03a11e29cc9cabdb5f80ec57f2a76a9539efe6f664b3d99b73e4
SHA512

65cc9673097287c2b29678ff2b7b61d2b2a8c4ee8c1a6cbc3bb5e28ec7182012ad22710589dfb97a94bb5e6546a3b20c58781bd8449b3e8ee44887dfbf538bcf
SSDEEP

49152:45uZF6KtMeMZayaPXHxdq7M+z9f3I88WQF+yV29dLQgQYhpjtM1D:OUHMroBdho9f3DzyATQgxpa

Score

10^/10

vmprotect

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac668abf208e03a11e29cc9cabdb5f80ec57f2a76a9539efe6f664b3d99b73e4

Files

ac668abf208e03a11e29cc9cabdb5f80ec57f2a76a9539efe6f664b3d99b73e4
.dll windows:6 windows x86 arch:x86

4ea42f4f8bf946dc7aa6b79b8b49c238

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteConsoleW
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

StartServiceA
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

fwpuclnt

FwpmGetAppIdFromFileName0

wininet

InternetReadFile

ws2_32

inet_addr

iphlpapi

GetTcpTable2

wtsapi32

WTSQueryUserToken
WTSSendMessageW

userenv

CreateEnvironmentBlock

user32

CharUpperBuffW

Exports

Exports

InsertSvc
ServiceMain
UninstallSvc

Sections

.text
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ea42f4f8bf946dc7aa6b79b8b49c238

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

fwpuclnt

wininet

ws2_32

iphlpapi

wtsapi32

userenv

user32

Exports

Exports

Sections

.text Size: - Virtual size: 112KB

.rdata Size: - Virtual size: 33KB

.data Size: - Virtual size: 15KB

.vmp0 Size: - Virtual size: 2.2MB

.vmp1 Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 512B - Virtual size: 308B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 112KB

.rdata
Size: - Virtual size: 33KB

.data
Size: - Virtual size: 15KB

.vmp0
Size: - Virtual size: 2.2MB

.vmp1
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 512B - Virtual size: 308B

.rsrc
Size: 512B - Virtual size: 480B