a6f253f5eab0c2db271e6c4858cd0d6c083b3fc242f6ce21b58d907f1a0c8505

Sharing

Copy URL

Twitter E-mail

General

Target

a6f253f5eab0c2db271e6c4858cd0d6c083b3fc242f6ce21b58d907f1a0c8505
Size

728KB
MD5

25b7abb9a4beef958c411801a27b5d26
SHA1

b60b713b93639ccf3022bbcfca4e1b5c4b80d697
SHA256

a6f253f5eab0c2db271e6c4858cd0d6c083b3fc242f6ce21b58d907f1a0c8505
SHA512

f21ad21ff4073dc34b8b8c4712e68558e7b37513cb9beb084354dbedeacc1bc8e50d53038d62d374028f535c4946633802ba2dae0ef878242ab85b966974c57b
SSDEEP

12288:fgudMFIV5yvRdKYRv5qA5TzeFPUPxqs8jpf3jRTJqaCvLN5vn1MXsnn23sGKc87e:3yFI+vR8YR7VqF3jF3jl87cskspc8xFF

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6f253f5eab0c2db271e6c4858cd0d6c083b3fc242f6ce21b58d907f1a0c8505

Files

a6f253f5eab0c2db271e6c4858cd0d6c083b3fc242f6ce21b58d907f1a0c8505
.exe windows:4 windows x86 arch:x86

6ad4a09b109db315488441b37c6131fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

socket

rasapi32

RasHangUpA

kernel32

GetFileSize
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

CopyRect
MessageBoxA

gdi32

LineTo

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CLSIDFromProgID

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Add

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ad4a09b109db315488441b37c6131fc

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 869KB

.rdata Size: - Virtual size: 127KB

.data Size: - Virtual size: 294KB

.rsrc Size: 12KB - Virtual size: 28KB

.vmp0 Size: - Virtual size: 192KB

.vmp1 Size: 708KB - Virtual size: 706KB

.reloc Size: 4KB - Virtual size: 200B

.text
Size: - Virtual size: 869KB

.rdata
Size: - Virtual size: 127KB

.data
Size: - Virtual size: 294KB

.rsrc
Size: 12KB - Virtual size: 28KB

.vmp0
Size: - Virtual size: 192KB

.vmp1
Size: 708KB - Virtual size: 706KB

.reloc
Size: 4KB - Virtual size: 200B