a8b94419e3c0b4b2eaafb560f9696dfab0de2d5574bab3b3b971be393c169dff

Sharing

Copy URL Twitter E-mail

General

Target

a8b94419e3c0b4b2eaafb560f9696dfab0de2d5574bab3b3b971be393c169dff
Size

4.7MB
MD5

333b46c9b53dfb9ede68c5131adfba25
SHA1

548361068f1a97085e97780065de26636e2a03dd
SHA256

a8b94419e3c0b4b2eaafb560f9696dfab0de2d5574bab3b3b971be393c169dff
SHA512

0b98e5b865497c1c2b7b6f0162f3864a9d09febd944c30c658ecfb1f951c358682603707f942a664ae9e852cccd342904230314c0fda64bac54cb65a31859bf6
SSDEEP

98304:nowFKgGpTtiF9CdzQdkO30xw26fsZJb+9H7ZMuAt8gYdd/D:nWTtiF4xO0Z1+5AtYD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8b94419e3c0b4b2eaafb560f9696dfab0de2d5574bab3b3b971be393c169dff

Files

a8b94419e3c0b4b2eaafb560f9696dfab0de2d5574bab3b3b971be393c169dff
.exe windows:5 windows x86 arch:x86

6aff28ea56fbc274827ce604114be37f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\VS2015\DunRunGate\Release\GameLogin.pdb

Imports

kernel32

GetVersionExA
FindFirstFileW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SystemParametersInfoA

gdi32

SelectClipRgn

advapi32

ReportEventW

shell32

SHGetSpecialFolderPathA

ole32

CLSIDFromString

oleaut32

SysStringLen

shlwapi

PathIsDirectoryA

comctl32

_TrackMouseEvent

wininet

HttpQueryInfoA

ws2_32

socket

psapi

GetProcessImageFileNameA

crypt32

CertEnumCertificatesInStore

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.4MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6aff28ea56fbc274827ce604114be37f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

ws2_32

psapi

crypt32

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 583KB

.data Size: - Virtual size: 37KB

.gfids Size: - Virtual size: 252B

.vmp0 Size: - Virtual size: 2.4MB

.vmp1 Size: 2.4MB - Virtual size: 2.3MB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 583KB

.data
Size: - Virtual size: 37KB

.gfids
Size: - Virtual size: 252B

.vmp0
Size: - Virtual size: 2.4MB

.vmp1
Size: 2.4MB - Virtual size: 2.3MB

.rsrc
Size: 16KB - Virtual size: 16KB