564997bc5d4eed6038264afacfe7ae47ca75aac84f3bf4e728693202c21d721b

Sharing

Copy URL

Twitter E-mail

General

Target

564997bc5d4eed6038264afacfe7ae47ca75aac84f3bf4e728693202c21d721b
Size

5.5MB
MD5

c51d4a249b86571bbb91e5e6b0498b03
SHA1

79177a9df72fb992e0fee1ae90dabb8d0ff06efb
SHA256

564997bc5d4eed6038264afacfe7ae47ca75aac84f3bf4e728693202c21d721b
SHA512

a4049929ed44c76c72f40e5641be8c0046600f10a55dddf190ceaf078f7c193d104e3db5a688f3a8f7e70dfbaf23cd07fe490643b875ca414bfd3e922d3e169d
SSDEEP

98304:Nd1aYxiTQrwnyaTTb8vmxjP0b+7nKZYsmVYkkXsp8aaTzfhE:Nd84iTZnyaws8AKZYscYkBp87hE

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
564997bc5d4eed6038264afacfe7ae47ca75aac84f3bf4e728693202c21d721b

Files

564997bc5d4eed6038264afacfe7ae47ca75aac84f3bf4e728693202c21d721b
.dll windows:5 windows x86 arch:x86

e721dc8d056004a8f43960a62600aba2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegQueryInfoKeyW

wininet

InternetCloseHandle

winmm

timeGetTime

winhttp

WinHttpGetIEProxyConfigForCurrentUser

version

GetFileVersionInfoSizeW

wtsapi32

WTSSendMessageW

Exports

Exports

?GetRegisterObj@@YAPAVIRegisterManager@@XZ

Sections

.text
Size: - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 997B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e721dc8d056004a8f43960a62600aba2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

wininet

winmm

winhttp

version

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 250KB

.rdata Size: - Virtual size: 73KB

.data Size: - Virtual size: 26KB

.vmp0 Size: - Virtual size: 3.2MB

.vmp1 Size: 5.5MB - Virtual size: 5.5MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 997B

.text
Size: - Virtual size: 250KB

.rdata
Size: - Virtual size: 73KB

.data
Size: - Virtual size: 26KB

.vmp0
Size: - Virtual size: 3.2MB

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 997B