785133086d1fd0265ca5a12223a705ee0ffce38652b08782972b874c3ab4d21d

Sharing

Copy URL Twitter E-mail

General

Target

785133086d1fd0265ca5a12223a705ee0ffce38652b08782972b874c3ab4d21d
Size

5.2MB
MD5

5fe400e504417335abaf42d5f7d4b88f
SHA1

197029972066c679e0ced969c19b2c37d9cf4791
SHA256

785133086d1fd0265ca5a12223a705ee0ffce38652b08782972b874c3ab4d21d
SHA512

fa9aa7a189d90cbebd8d8f4c37a1bec9e858a6f66dbc81ca0a70cb37e5b987543d02962ddeddca7fff05cd151ff270bd14bfe28c4faf056124b7e4ac4a6fc07b
SSDEEP

98304:4ld2aBpss4Qv2cotTP7KbYVYRSZbcFCgNIxELNJNVyQHepRGh3OwqCk25srmpyOZ:gE3s4Q+bGkYRSZbCCgkEbVepRGIwRk5u

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
785133086d1fd0265ca5a12223a705ee0ffce38652b08782972b874c3ab4d21d

Files

785133086d1fd0265ca5a12223a705ee0ffce38652b08782972b874c3ab4d21d
.exe windows:5 windows x86 arch:x86

4abe3c4d691c15d30f12fe137106da94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetMonitorInfoA

gdi32

CreatePatternBrush

advapi32

RegOpenKeyExA

shell32

SHBrowseForFolderA

ole32

OleLockRunning

oleaut32

SysFreeString

ws2_32

socket

comctl32

InitCommonControlsEx

gdiplus

GdipMeasureString

imm32

ImmGetContext

shlwapi

PathFindFileNameA

winmm

PlaySoundA

Sections

.text
Size: - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4abe3c4d691c15d30f12fe137106da94

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

comctl32

gdiplus

imm32

shlwapi

winmm

Sections

.text Size: - Virtual size: 449KB

.rdata Size: - Virtual size: 117KB

.data Size: - Virtual size: 19KB

.tls Size: 512B - Virtual size: 17B

.vmp0 Size: - Virtual size: 4.7MB

.vmp1 Size: 5.2MB - Virtual size: 5.2MB

.reloc Size: 512B - Virtual size: 188B

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: - Virtual size: 449KB

.rdata
Size: - Virtual size: 117KB

.data
Size: - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 17B

.vmp0
Size: - Virtual size: 4.7MB

.vmp1
Size: 5.2MB - Virtual size: 5.2MB

.reloc
Size: 512B - Virtual size: 188B

.rsrc
Size: 17KB - Virtual size: 17KB