e82997a70e0b39ba4f33e9fcb3b862a50f0bda46f14cee70d497145bb751642a

Sharing

Copy URL

Twitter E-mail

General

Target

e82997a70e0b39ba4f33e9fcb3b862a50f0bda46f14cee70d497145bb751642a
Size

6.1MB
MD5

7f2d736aa0bceadf56dd6dc94775fd45
SHA1

92fd856ea866c24051a7746093004da05e15ce89
SHA256

e82997a70e0b39ba4f33e9fcb3b862a50f0bda46f14cee70d497145bb751642a
SHA512

aa2c6f97af7840ac69500efd545a6f5a3026515d18b1148274629aa450d9e9837bbdb2c742aede66ce6bdff5a5cc9025ca3310870a9a8d2b60f0b0cb76445085
SSDEEP

98304:lf38J8q4aW4CAHVgQhONQrbgNyYNWFpJhXk53++pLt/dWIxiCU/ouyGUkVNjPCeD:t38J6JNy6WhXk53Xthxo7mkNjP3yzh

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e82997a70e0b39ba4f33e9fcb3b862a50f0bda46f14cee70d497145bb751642a

Files

e82997a70e0b39ba4f33e9fcb3b862a50f0bda46f14cee70d497145bb751642a
.exe windows:5 windows x64 arch:x64

6a64c853f97b5106cc1ca2e2990e35b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc90u

ord2344

msvcr90

?_type_info_dtor_internal_method@type_info@@QEAAXXZ

kernel32

GetVersionExW
LoadLibraryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

user32

RegisterWindowMessageW
CharUpperBuffW

gdi32

SelectObject

advapi32

ChangeServiceConfigW
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

ShellExecuteW

shlwapi

PathFileExistsW

ole32

CLSIDFromString

oleaut32

GetErrorInfo

msvcp90

?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

winhttp

WinHttpConnect

dbghelp

MiniDumpWriteDump

iphlpapi

GetAdaptersInfo

version

VerQueryValueW

wininet

InternetOpenW

psapi

GetModuleFileNameExW

ws2_32

closesocket

comctl32

_TrackMouseEvent

wtsapi32

WTSSendMessageW

Sections

.text
Size: 681KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SelfSec
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 483KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a64c853f97b5106cc1ca2e2990e35b0

Headers

DLL Characteristics

File Characteristics

Imports

mfc90u

msvcr90

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

oleaut32

msvcp90

winhttp

dbghelp

iphlpapi

version

wininet

psapi

ws2_32

comctl32

wtsapi32

Sections

.text Size: 681KB - Virtual size: 681KB

.rdata Size: 231KB - Virtual size: 231KB

.data Size: 7KB - Virtual size: 12KB

.pdata Size: 50KB - Virtual size: 50KB

SelfSec Size: 512B - Virtual size: 260B

.vmp0 Size: 2.2MB - Virtual size: 2.2MB

.vmp1 Size: 483KB - Virtual size: 482KB

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.text
Size: 681KB - Virtual size: 681KB

.rdata
Size: 231KB - Virtual size: 231KB

.data
Size: 7KB - Virtual size: 12KB

.pdata
Size: 50KB - Virtual size: 50KB

SelfSec
Size: 512B - Virtual size: 260B

.vmp0
Size: 2.2MB - Virtual size: 2.2MB

.vmp1
Size: 483KB - Virtual size: 482KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB