960c6f8fa456234b35e1681873b0eac2d854f2a0338c2214a5bdfb2a3282c95f

Sharing

Copy URL Twitter E-mail

General

Target

960c6f8fa456234b35e1681873b0eac2d854f2a0338c2214a5bdfb2a3282c95f
Size

10.8MB
MD5

1daff277e1c48ddb9f7cd910585dc8df
SHA1

d9f02765a2cc5f686ed8cebcead448686ca04cab
SHA256

960c6f8fa456234b35e1681873b0eac2d854f2a0338c2214a5bdfb2a3282c95f
SHA512

eea4bdc4db879782090052da7130c6280c737a5ef26f89df0d524bd8055d31dc924e62fe84173822d1228aff856e6bcee84ddb5eb719a1ebf9909e84db30794f
SSDEEP

196608:7WItZr74GC2xscUyeC/x9oncahBUboSGjKOHrh2DjjCTmlIZ98:n7XvscUyeC59oncazko5drsjjCQk9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
960c6f8fa456234b35e1681873b0eac2d854f2a0338c2214a5bdfb2a3282c95f

Files

960c6f8fa456234b35e1681873b0eac2d854f2a0338c2214a5bdfb2a3282c95f
.exe windows:5 windows x86 arch:x86

0895b701aaa07be5304d2462dbd4bce7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

qt5core

?qt_metacast@QParallelAnimationGroup@@UAEPAXPBD@Z

qt5gui

??0QColor@@QAE@W4GlobalColor@Qt@@@Z

qt5widgets

?metaObject@QFrame@@UBEPBUQMetaObject@@XZ

kernel32

GetTickCount
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumWindows
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

libeay32

ord492

hidapi

hid_init

msvcp120

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z

msvcr120

_fmode

ws2_32

connect

shell32

CommandLineToArgvW

wtsapi32

WTSSendMessageW

Exports

Exports

�5�g��N��Fz��T�6�.O5 ��*w��X� ݆k�X�_�Q��q�$`1R}>�J��DmK�:L��[��א�4�fkB�}�wz1�v�ۿ��-!�Wjܗ�z��+>*�!�G�|-YB��g �A��y��R�8a��\��@��K��6#��0R��2�g�LZk2�@hP�ԧ\X;��O&Z1�3��q��R] %� [��'��}��*M#�3��`�{�v�*nxl�;��y|�@؍gMw� +�K�7%% <!�w�~H�W�A��rp��]XPA�i�O�)Ń�h��G͵��Z|x��iJ-�=/��9�һ��Sv��n��+�,4�#�H�Y�xf�|x��=ݘ�{��(��m�u�kE�}.R�x�[�:��X}euE @v�S�5B��*`��C�!�sVe��x��a��i�&��|$�� 9��@P�8s]��(o��[��IN�-��J�n��u��E��"�U]�T��5�"��M:'o��" ��<l��)K��Ms�� dՕ&�xz� \gD�CT��&��G�.��B��S�W��Ӛ�f�I�1{~��z!��7��y�@�\K+P]�F�x�p=�!�Fw�9�ٽ��Lg��͐~��H��v�H&��j��Q��J��@��j%�-Ay��"��(��DSj�uA6S�� ]W��50vm��!�g��C){��hB��ȑ]v!�}I�dҌ��B�̼��~ � A��&��cR��$�;9��P��ݼd��X�T-(�Zj��~�� M ��)YQɝPQ˽�[HF"_k~^�\F|�5��i4e>P�E.e9&�D��*B��r�C�� a&�o�R��[ٸ:f��"q��tM�̯� ��V|lz`�S%� ��2ܳd5�}�=�R��%dq=��R9�p��.%[�lMhy ,J�s��y��r�i��/�#2>��?�9�vQ\�w<�󬏇��n3��[_�� 44uA�=�F�Ǣ4��j�Uy,j��/q��:��k�\`I��5�=�� ?D�rֳD��CT_y��7�p�op��&3=�'n ��u ;y�L��L��X�W��*%0d�l?A`��Nð+�U�B,78pj��<��&�-㉹�k��h��8 tf�Qy��ch<4Gii�L��rT�a�� `VH��hs^>��4NX�(��/&h#�ό�&,��E��^ �nѿ=�.T�+�Y�d�x`F퐤d$�F`��[��!��'7��hc��P��\�:��ܱ״«f��݌��r��t</�p')�U ' i�h��+n��x��%#5��j"m�P&kKT�L��83�H'W;^G��e�y�ظ�6�A��x�:�m��8I�J��0��M��p[��x�LFtB�'2_�iX4�5�Y1��s��@l(ie�?�i,(˩G�Q�_�Ma��P��_�[�_��ֽ"]��i��@Z &6��É�ĵ}.*��Yy�JQF��e�k��t��-��t x� ��0��M-�zqcb�.��ξ��Ӥn��fJ1�q�Ε�x��p��<Ӕ��@R� �fU�/��A Nˁ��O��͡*@{i5x�D9K�X��:�l� ��D�e�'��@�4��5e�a7ܰ}��[]�D��y��t�IN��˕KNQ��t��`��*��#��n[4�r��xU6�}�5��o��=Dx��}/ �;��B�v��xs��R<Y'��wY��Rj͂��,��-��oyq;��k9P1{�M�p��I��SW�7�-��A�a�fu+��{}�w�ݣ��;�-��[O�K�$#�i�x&�h��-69��?��2�HȺ��g�,�&�(ء.�~t��:��_z��ݍ��s�F��B r��{��vy�r��u'��r�y��Z�q|��r��T8b�{n��\�9��ʇĝ��Җ�L�'a��ڞ�BrF@ԜI�,\I ��v��͢��yL�Ǚm7d��~�>�jr��'H @��ہ9��ba+w�U��Y͑��s�� r��ۖbt�S��]��ѥ��Y}�{X��P׭s��@=C��ݦ��8��r+ 5�EI�*��LWL8�1VlU�\�k j��5�5d��\�کӖ/oqL�2��j��I�ڦa�fr.�nˇ��֍��ݝX��tG,*Q��\��C�+b�5�M)��(�6Pr=� �F]�Q�~dON��٧��~��E/��{�baR{�1�|�� Wf�0�sC��y^'\��#�ıO� |a�8\)o��|��%A-�`D�{t�_��W+odx�N9)>.pT�B(Co�C4fW��0a��W��b2��Ab7?M��y;��V�i�W\��o��4l�d��v�@�Y;g��W��lׅ��!1��W��$��L(��q~�c.��u�*��0Ǆ5Q 9e�ʶh�yЧ�wq�4��3�[��#�i��2`v��f��YD�o}J�W��-��"�Q0�Y��/� �� f�*�#��F^�8��n�nw�� j}'E H�1��։z��9r��"G+�~D;o�i{��֋:s֍B��fc�V�� gRB�؋^�� _��b��֣��%H�ٝ��U�`��3�̍��(��9/�q𬐐g�l�ݎ��[�`2��\F9mu��X��vH�s�h�>3^'��k;��,'u�~)��2�%�̈́e�oA�_sR$ K`��ߘ��1�t�c��b��ݞ15w�n*�41n%㵚x�3�p�b��i�M�$ �lN+��&�.Di�E�W�~A~&}|c

Sections

.text
Size: - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 10.7MB - Virtual size: 10.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0895b701aaa07be5304d2462dbd4bce7

Headers

DLL Characteristics

File Characteristics

Imports

qt5core

qt5gui

qt5widgets

kernel32

user32

libeay32

hidapi

msvcp120

msvcr120

ws2_32

shell32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 155KB

.rdata Size: - Virtual size: 3.2MB

.data Size: - Virtual size: 431KB

.vmp0 Size: - Virtual size: 5.2MB

.vmp1 Size: 10.7MB - Virtual size: 10.7MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 93KB - Virtual size: 92KB

.text
Size: - Virtual size: 155KB

.rdata
Size: - Virtual size: 3.2MB

.data
Size: - Virtual size: 431KB

.vmp0
Size: - Virtual size: 5.2MB

.vmp1
Size: 10.7MB - Virtual size: 10.7MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 93KB - Virtual size: 92KB