d9e8fae53ca2443bd8993ce92fb21e57b049a4d57a033dfae19b5952a2eed9b4

Sharing

Copy URL Twitter E-mail

General

Target

d9e8fae53ca2443bd8993ce92fb21e57b049a4d57a033dfae19b5952a2eed9b4
Size

6.1MB
MD5

f600c7ee189f6e9ba880b2fc4b800f5b
SHA1

56900241a7e316fba06286dca3fb5d31187eb012
SHA256

d9e8fae53ca2443bd8993ce92fb21e57b049a4d57a033dfae19b5952a2eed9b4
SHA512

dbf0b7e12fbdb4709319fd8c2838f55d100007da12a08251783d0c79d6abd270f24261672ebe4dd7aa4c8acc61f3804720b20e92c4a0acd99437fe057e9df215
SSDEEP

98304:U3hxiCju9U4shWcuat3RF3LzQOYfbJo6I3aCc7McEStgaEplleD0GbA0UItvulgv:URxrju9GusmBIoj6aEplb0UIH

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9e8fae53ca2443bd8993ce92fb21e57b049a4d57a033dfae19b5952a2eed9b4

Files

d9e8fae53ca2443bd8993ce92fb21e57b049a4d57a033dfae19b5952a2eed9b4
.exe windows:5 windows x86 arch:x86

6e7e22bf3606c05ba9416975b053bc9d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA

winmm

midiStreamClose

ws2_32

WSAAsyncSelect

version

GetFileVersionInfoA

kernel32

GetFileType
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

OffsetRect

gdi32

CreatePatternBrush

winspool.drv

OpenPrinterA

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyA

shell32

SHGetSpecialFolderPathA

ole32

OleUninitialize

oleaut32

SafeArrayAccessData

odbc32

ord11

comctl32

ImageList_Read

wininet

InternetCloseHandle

Sections

.text
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 795KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e7e22bf3606c05ba9416975b053bc9d

Headers

File Characteristics

Imports

msvfw32

avifil32

winmm

ws2_32

version

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

comctl32

wininet

Sections

.text Size: - Virtual size: 4.1MB

.rdata Size: - Virtual size: 3.0MB

.data Size: - Virtual size: 795KB

.vmp0 Size: - Virtual size: 2.8MB

.vmp1 Size: 6.1MB - Virtual size: 6.1MB

.rsrc Size: 52KB - Virtual size: 49KB

.text
Size: - Virtual size: 4.1MB

.rdata
Size: - Virtual size: 3.0MB

.data
Size: - Virtual size: 795KB

.vmp0
Size: - Virtual size: 2.8MB

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

.rsrc
Size: 52KB - Virtual size: 49KB