313d403f311d28ceb0ec258233f85c8a735783ce693e4d6dfdc9a1d88ae51de2

Sharing

Copy URL Twitter E-mail

General

Target

313d403f311d28ceb0ec258233f85c8a735783ce693e4d6dfdc9a1d88ae51de2
Size

728KB
MD5

97139e026be8bd9792237996ede30d1d
SHA1

7ecddc1dcf1aa7f865a7f4eeb69411e20996202e
SHA256

313d403f311d28ceb0ec258233f85c8a735783ce693e4d6dfdc9a1d88ae51de2
SHA512

60fa8db12f5521681951d4cabd8c4258a7d47b128a8bec7b8f9c8dbc70f335191beb6fbfd0bd0f965d20938c122f33fccfbd789be3d9bf9a3fae70e29ddc5914
SSDEEP

12288:fgudMFIV5yvRdKYRv5qA5TzeFPUPxqs8jpf3jRTJqaCvLN5vn14Xsnn23sGKc87e:3yFI+vR8YR7VqF3jF3jl87sskspc8xFF

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
313d403f311d28ceb0ec258233f85c8a735783ce693e4d6dfdc9a1d88ae51de2

Files

313d403f311d28ceb0ec258233f85c8a735783ce693e4d6dfdc9a1d88ae51de2
.exe windows:4 windows x86 arch:x86

6ad4a09b109db315488441b37c6131fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

socket

rasapi32

RasHangUpA

kernel32

GetFileSize
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

CopyRect
MessageBoxA

gdi32

LineTo

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CLSIDFromProgID

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Add

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ad4a09b109db315488441b37c6131fc

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 869KB

.rdata Size: - Virtual size: 127KB

.data Size: - Virtual size: 294KB

.rsrc Size: 12KB - Virtual size: 28KB

.vmp0 Size: - Virtual size: 192KB

.vmp1 Size: 708KB - Virtual size: 706KB

.reloc Size: 4KB - Virtual size: 200B

.text
Size: - Virtual size: 869KB

.rdata
Size: - Virtual size: 127KB

.data
Size: - Virtual size: 294KB

.rsrc
Size: 12KB - Virtual size: 28KB

.vmp0
Size: - Virtual size: 192KB

.vmp1
Size: 708KB - Virtual size: 706KB

.reloc
Size: 4KB - Virtual size: 200B