30e1bc1da151fb1f93e72e1b71352cfe54675c6ae3efd00dcb7a67519793499a

Sharing

Copy URL Twitter E-mail

General

Target

30e1bc1da151fb1f93e72e1b71352cfe54675c6ae3efd00dcb7a67519793499a
Size

728KB
MD5

79722af385a59f50a16fd6b55c8950fd
SHA1

9f804356c9b4cee55bfa3458b6634a4a148c2732
SHA256

30e1bc1da151fb1f93e72e1b71352cfe54675c6ae3efd00dcb7a67519793499a
SHA512

bc37e531f81c1a2fd784bc20a3f160458d135f8c2a305c61fb68ec5673b83d9dfa22773876476310a1b5a18836c9081fb6cf5a5099d0f2434fe86f32000f3970
SSDEEP

12288:fgudMFIV5yvRdKYRv5qA5TzeFPUPxqs8jpf3jRTJqaCvLN5vn1JXsnn23sGKc87e:3yFI+vR8YR7VqF3jF3jl87fskspc8xFF

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30e1bc1da151fb1f93e72e1b71352cfe54675c6ae3efd00dcb7a67519793499a

Files

30e1bc1da151fb1f93e72e1b71352cfe54675c6ae3efd00dcb7a67519793499a
.exe windows:4 windows x86 arch:x86

6ad4a09b109db315488441b37c6131fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

socket

rasapi32

RasHangUpA

kernel32

GetFileSize
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

CopyRect
MessageBoxA

gdi32

LineTo

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CLSIDFromProgID

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Add

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ad4a09b109db315488441b37c6131fc

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 869KB

.rdata Size: - Virtual size: 127KB

.data Size: - Virtual size: 294KB

.rsrc Size: 12KB - Virtual size: 28KB

.vmp0 Size: - Virtual size: 192KB

.vmp1 Size: 708KB - Virtual size: 706KB

.reloc Size: 4KB - Virtual size: 200B

.text
Size: - Virtual size: 869KB

.rdata
Size: - Virtual size: 127KB

.data
Size: - Virtual size: 294KB

.rsrc
Size: 12KB - Virtual size: 28KB

.vmp0
Size: - Virtual size: 192KB

.vmp1
Size: 708KB - Virtual size: 706KB

.reloc
Size: 4KB - Virtual size: 200B