fd2b6e98ea7776415481f8649b72e97f8e269a71ae1398001434cc6478557553

Sharing

Copy URL Twitter E-mail

General

Target

fd2b6e98ea7776415481f8649b72e97f8e269a71ae1398001434cc6478557553
Size

1001KB
MD5

829ed456dfe2d3753866f4b6733b01e3
SHA1

4d0aa4ccc4b04610583ef007c481953a392ed317
SHA256

fd2b6e98ea7776415481f8649b72e97f8e269a71ae1398001434cc6478557553
SHA512

cbb0ae33cc5df9256a4f03169845bba2bc0eccd97c24cf6989a0ef269f622a16480fe134b4106c0c387324e2808ef9786d3f9ea608d0a5228e32f3d0282dfd5b
SSDEEP

24576:/eMKC13TjtbO62+xVkBlCQVGTxtgBTbkUrvEVmIrRGjdxwFUPOPc:/7D3T5M+QBMQkDgBUKvumORGZ+6PO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd2b6e98ea7776415481f8649b72e97f8e269a71ae1398001434cc6478557553

Files

fd2b6e98ea7776415481f8649b72e97f8e269a71ae1398001434cc6478557553
.dll windows:5 windows x86 arch:x86

097f1adf2c49f6d11f36fdf2b6fa08e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\SVN\无限项目\功能插件\服务端\插件\PGM2Plugin_V1.2.8\Release_APP\PGM2Plugin.pdb

Imports

ws2_32

connect

user32

GetWindowDC

kernel32

GetVersionExA
GetACP
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

gdi32

CreateCompatibleDC

gdiplus

GdipCreateBitmapFromScan0

wininet

InternetWriteFile

Exports

Exports

InitPlugin
UnInitPlugin

Sections

.text
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 633KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 997KB - Virtual size: 997KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

097f1adf2c49f6d11f36fdf2b6fa08e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

user32

kernel32

gdi32

gdiplus

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 580KB

.rdata Size: - Virtual size: 68KB

.data Size: - Virtual size: 29KB

.vmp0 Size: - Virtual size: 633KB

.vmp1 Size: 997KB - Virtual size: 997KB

.reloc Size: 512B - Virtual size: 136B

.rsrc Size: 2KB - Virtual size: 36KB

.text
Size: - Virtual size: 580KB

.rdata
Size: - Virtual size: 68KB

.data
Size: - Virtual size: 29KB

.vmp0
Size: - Virtual size: 633KB

.vmp1
Size: 997KB - Virtual size: 997KB

.reloc
Size: 512B - Virtual size: 136B

.rsrc
Size: 2KB - Virtual size: 36KB