ad7c7bb39f7b6ed90f2ce839573a29fc80dc4b760ccfe1609990c736f77d854a

Sharing

Copy URL Twitter E-mail

General

Target

ad7c7bb39f7b6ed90f2ce839573a29fc80dc4b760ccfe1609990c736f77d854a
Size

8.2MB
MD5

655ff1b85c8cb9a682086b81c3451624
SHA1

2c1962d149b11fc475acc50515f6b726fbb05932
SHA256

ad7c7bb39f7b6ed90f2ce839573a29fc80dc4b760ccfe1609990c736f77d854a
SHA512

bc8bf710986ccdf671fa07420b04ff9acd22bb40474ea853d24c57dde2c5ebb31197b537a4e55474a164368d81a3319d86df347dd775658e55b44fccd1523de6
SSDEEP

196608:tLMRzAGQHt0/SufS+XIbtVEYGrKd2W47KZF8JCczDq3kUQnPquTF:NMFE4SufBXIbDEcMWFH8vvXP7F

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad7c7bb39f7b6ed90f2ce839573a29fc80dc4b760ccfe1609990c736f77d854a

Files

ad7c7bb39f7b6ed90f2ce839573a29fc80dc4b760ccfe1609990c736f77d854a
.exe windows:5 windows x86 arch:x86

3042ce89304a9308201f298d09b62f0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\VS2015\DunRunGate\Release\GameLogin.pdb

Imports

kernel32

GetVersionExA
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SendMessageA

gdi32

CreateCompatibleBitmap

advapi32

CryptReleaseContext

shell32

ShellExecuteA

ole32

CLSIDFromString

oleaut32

VariantClear

shlwapi

PathIsDirectoryA

comctl32

InitCommonControlsEx

wininet

InternetOpenUrlA

ws2_32

closesocket

psapi

GetProcessImageFileNameA

crypt32

CertOpenStore

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3042ce89304a9308201f298d09b62f0b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

ws2_32

psapi

crypt32

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 583KB

.data Size: - Virtual size: 37KB

.gfids Size: - Virtual size: 252B

.vmp0 Size: - Virtual size: 2.4MB

.vmp1 Size: 2.4MB - Virtual size: 2.4MB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 583KB

.data
Size: - Virtual size: 37KB

.gfids
Size: - Virtual size: 252B

.vmp0
Size: - Virtual size: 2.4MB

.vmp1
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 16KB - Virtual size: 16KB