b6f49f556e1d8bb7179a64bd5c416c0e5c19b058c35f5873351b24efd2059824

Sharing

Copy URL Twitter E-mail

General

Target

b6f49f556e1d8bb7179a64bd5c416c0e5c19b058c35f5873351b24efd2059824
Size

728KB
MD5

830e5276ccdd1cdeea84df306e1de629
SHA1

c8c91b8cd0ff2cbe8f549425c70893de453f22f1
SHA256

b6f49f556e1d8bb7179a64bd5c416c0e5c19b058c35f5873351b24efd2059824
SHA512

f7fcc41cd880bf89ed30a157b34c6dddcb92fb29c0d48cbc0927027e4903af16270f4b883ce5b97938961dac64c5d98f96dd34eb8d0cac516785e2ae4e864624
SSDEEP

12288:fgudMFIV5yvRdKYRv5qA5TzeFPUPxqs8jpf3jRTJqaCvLN5vn1AXsnn23sGKc87e:3yFI+vR8YR7VqF3jF3jl870skspc8xFF

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6f49f556e1d8bb7179a64bd5c416c0e5c19b058c35f5873351b24efd2059824

Files

b6f49f556e1d8bb7179a64bd5c416c0e5c19b058c35f5873351b24efd2059824
.exe windows:4 windows x86 arch:x86

6ad4a09b109db315488441b37c6131fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

socket

rasapi32

RasHangUpA

kernel32

GetFileSize
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

CopyRect
MessageBoxA

gdi32

LineTo

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CLSIDFromProgID

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Add

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ad4a09b109db315488441b37c6131fc

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 869KB

.rdata Size: - Virtual size: 127KB

.data Size: - Virtual size: 294KB

.rsrc Size: 12KB - Virtual size: 28KB

.vmp0 Size: - Virtual size: 192KB

.vmp1 Size: 708KB - Virtual size: 706KB

.reloc Size: 4KB - Virtual size: 200B

.text
Size: - Virtual size: 869KB

.rdata
Size: - Virtual size: 127KB

.data
Size: - Virtual size: 294KB

.rsrc
Size: 12KB - Virtual size: 28KB

.vmp0
Size: - Virtual size: 192KB

.vmp1
Size: 708KB - Virtual size: 706KB

.reloc
Size: 4KB - Virtual size: 200B