083eeac973a5cb3ebe73ba09cb1f8db9894aeacd5968c461f65766c76a89b232 | Triage

Sharing

General

Target

083eeac973a5cb3ebe73ba09cb1f8db9894aeacd5968c461f65766c76a89b232
Size

8.6MB
MD5

c2ebeb9cb041690ace3b942bd8063c3e
SHA1

c2443ac8982df59394f5f332d9dda8885c562cfe
SHA256

083eeac973a5cb3ebe73ba09cb1f8db9894aeacd5968c461f65766c76a89b232
SHA512

b525d26e60115d1d389c9a3d604e8e12ba694bba24052e09fdee74d96d43f5a646d82a06dbdde2f2be05cee1477c1389769aeac325ea2c7bb77035f8a26725f2
SSDEEP

196608:kRdiT1znABCwKtZDeFwDhKRjpF+7iO8FbY7:R1znne6QjaiPFs7

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
083eeac973a5cb3ebe73ba09cb1f8db9894aeacd5968c461f65766c76a89b232

Files

083eeac973a5cb3ebe73ba09cb1f8db9894aeacd5968c461f65766c76a89b232
.dll windows:4 windows x86 arch:x86

96afcf5d068a1bd71c574c393bdd8005

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
CloseHandle
WriteFile
CreateFileA
WritePrivateProfileStringA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
FindNextFileA
FindFirstFileA
GetPrivateProfileStringA
GetCommandLineA
GetModuleFileNameA
GetTickCount
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetSystemDirectoryA
GetTempPathA
GetProcessHeap
FindClose
OutputDebugStringA
GetWindowsDirectoryA

user32

DispatchMessageA
wsprintfA
MessageBoxA
TranslateMessage
GetMessageA
PeekMessageA

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

msvcrt

_ftol
rand
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
srand

shlwapi

PathFileExistsA

shell32

SHGetSpecialFolderPathA

Exports

Exports

Run
Ver

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8.5MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ