e1d953f02a5ee64c7bdd914dbb43192f0f937fef135dc3e560b6ee7b14fb876a

Sharing

Copy URL Twitter E-mail

General

Target

e1d953f02a5ee64c7bdd914dbb43192f0f937fef135dc3e560b6ee7b14fb876a
Size

9.8MB
MD5

8a6ef1bd72940b270f9bd40b27f21e1a
SHA1

91d14aa3c72ba7dff806ba4181292d5cafe3e02e
SHA256

e1d953f02a5ee64c7bdd914dbb43192f0f937fef135dc3e560b6ee7b14fb876a
SHA512

0f42593ea0fbc0c2573fd6813af48fdb9f495bff2fae79617a963891ad76581de77d68e5ae2d492460e2ba80ac8eb6b360db388478fe9c98804324200c6820c8
SSDEEP

196608:0fZkEyJAKhYam8nauanPuO/jG684Pj+l2gjZVTW:0fSnaKcBhPuOa6TqkgN

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1d953f02a5ee64c7bdd914dbb43192f0f937fef135dc3e560b6ee7b14fb876a

Files

e1d953f02a5ee64c7bdd914dbb43192f0f937fef135dc3e560b6ee7b14fb876a
.exe windows:5 windows x86 arch:x86

f4c207c895b90f16ab782f62198307a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

winmm

waveOutUnprepareHeader

ws2_32

select

kernel32

GetVersion
GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

LineTo

winspool.drv

DocumentPropertiesA

advapi32

RegOpenKeyExA

shell32

DragAcceptFiles

ole32

CoGetClassObject

oleaut32

SafeArrayAccessData

comctl32

ImageList_GetImageCount

oledlg

ord8

wininet

InternetCloseHandle

wldap32

ord29

comdlg32

GetFileTitleA

wtsapi32

WTSSendMessageW

Exports

Exports

e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText

Sections

.text
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 750KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4c207c895b90f16ab782f62198307a7

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

wldap32

comdlg32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 1.4MB

.rdata Size: - Virtual size: 1.9MB

.data Size: - Virtual size: 750KB

.vmp0 Size: - Virtual size: 6.1MB

.vmp1 Size: 9.8MB - Virtual size: 9.8MB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: - Virtual size: 1.4MB

.rdata
Size: - Virtual size: 1.9MB

.data
Size: - Virtual size: 750KB

.vmp0
Size: - Virtual size: 6.1MB

.vmp1
Size: 9.8MB - Virtual size: 9.8MB

.rsrc
Size: 20KB - Virtual size: 19KB