8935379197eb6d45bd235150a3a58c879eb243f6c656ede98902837e5a14deb1

Sharing

Copy URL Twitter E-mail

General

Target

8935379197eb6d45bd235150a3a58c879eb243f6c656ede98902837e5a14deb1
Size

4.2MB
MD5

6d87fae5675ea173d7b2695eb485ab14
SHA1

781aa85584f5491558209d2772e5f3731970a58a
SHA256

8935379197eb6d45bd235150a3a58c879eb243f6c656ede98902837e5a14deb1
SHA512

12740046b7c53e91c579e74697fc62c3782edaa6b74e20622327294d3bae7d435326b7cc8035d54f99b50c532295328add99633ac8265e23b48717f5d1a78311
SSDEEP

98304:7KcBNy5zwsxX+VwjMDbOmORrlKS7i39r2Vr:/8n1jMumOXKui34r

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8935379197eb6d45bd235150a3a58c879eb243f6c656ede98902837e5a14deb1

Files

8935379197eb6d45bd235150a3a58c879eb243f6c656ede98902837e5a14deb1
.exe windows:5 windows x86 arch:x86

7ab7d5cd4fbe362bf1e1a31d99b02227

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
GetVersionExA
FindResourceExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetClipboardFormatNameW

gdi32

CreateRectRgn

comdlg32

GetFileTitleW

winspool.drv

GetJobW

advapi32

GetFileSecurityW

shell32

ExtractIconW

comctl32

_TrackMouseEvent

shlwapi

PathFindFileNameW

oledlg

OleUIBusyW

ole32

CLSIDFromProgID

oleaut32

VariantChangeType

gdiplus

GdipCloneImage

setupapi

SetupDiEnumDeviceInterfaces

hid

HidD_SetFeature

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ab7d5cd4fbe362bf1e1a31d99b02227

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

setupapi

hid

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 283KB

.data Size: - Virtual size: 35KB

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 512B - Virtual size: 176B

.rsrc Size: 162KB - Virtual size: 161KB

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 283KB

.data
Size: - Virtual size: 35KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 512B - Virtual size: 176B

.rsrc
Size: 162KB - Virtual size: 161KB