cd456a783805fc552cb857fcee05c0cab2517eaab162ba2a371829c9ed96a6e3

Sharing

Copy URL Twitter E-mail

General

Target

cd456a783805fc552cb857fcee05c0cab2517eaab162ba2a371829c9ed96a6e3
Size

660KB
MD5

80f958a76762aab3f69f46a025978e7f
SHA1

5e23ec33dc86822b6d9e894a016dad9f22955485
SHA256

cd456a783805fc552cb857fcee05c0cab2517eaab162ba2a371829c9ed96a6e3
SHA512

e5ffe591cf5c8c76a8f49416197da40345dff24e74725da07f01d7be25edfc4925d3b6c79106d443d12628a5fd9377db6ed9e31bff1bfcf44a19fca622804f57
SSDEEP

12288:+vG2HwLUeFis3W8/KfVOdIJWBJVvqfO3krO3lAoqMFok:yG2QLa+B/Nddzvn3ag4M

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd456a783805fc552cb857fcee05c0cab2517eaab162ba2a371829c9ed96a6e3

Files

cd456a783805fc552cb857fcee05c0cab2517eaab162ba2a371829c9ed96a6e3
.exe windows:4 windows x86 arch:x86

e43f9b9c94a25a79e51372d4c533f681

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord693
ord695
ord696
ord698
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord550
ord629
ord552
ord660
ord662
Zombie_GetTypeInfo
ord591
ord593
ord594
ord595
ord598
ord599
ord520
ord631
ord709
ord525
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord606
ord714
ord607
ord608
ord531
ord717
ord319
ProcCallEngine
ord644
ord537
ord645
ord648
ord571
ord572
ord573
ord681
ord578
ord685
ord100
ord610
ord320
ord612
ord321
ord613
ord614
ord616
ord617
ord618
ord619
ord542
ord543
ord544
ord546
ord548
ord581

kernel32

GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetTickCount
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
FreeLibrary
LoadResource
FindResourceExW
MultiByteToWideChar
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
WideCharToMultiByte
DecodePointer
EncodePointer
GetCommandLineA
GetLastError
HeapFree
HeapAlloc
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetStringTypeW
IsProcessorFeaturePresent
Sleep
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapSize
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW
CharUpperBuffW
wsprintfW

Sections

.text
Size: - Virtual size: 913KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 640KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e43f9b9c94a25a79e51372d4c533f681

Headers

File Characteristics

Imports

msvbvm60

kernel32

user32

Sections

.text Size: - Virtual size: 913KB

.data Size: - Virtual size: 37KB

.vmp0 Size: 8KB - Virtual size: 4KB

.vmp1 Size: - Virtual size: 471KB

.vmp2 Size: 640KB - Virtual size: 636KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: - Virtual size: 913KB

.data
Size: - Virtual size: 37KB

.vmp0
Size: 8KB - Virtual size: 4KB

.vmp1
Size: - Virtual size: 471KB

.vmp2
Size: 640KB - Virtual size: 636KB

.rsrc
Size: 8KB - Virtual size: 4KB