ac4e08f78ae18e31e3025d8d9ab2fa9c5fbfb8d90963ff1cfc8025a377803331

Sharing

Copy URL Twitter E-mail

General

Target

ac4e08f78ae18e31e3025d8d9ab2fa9c5fbfb8d90963ff1cfc8025a377803331
Size

7.4MB
MD5

61128fe63842e0b5f371feaedd81c1a8
SHA1

ec50f64f6433b17b2e5057c5e0374dfeb2a392b9
SHA256

ac4e08f78ae18e31e3025d8d9ab2fa9c5fbfb8d90963ff1cfc8025a377803331
SHA512

5a780789c7b23459fbbffb836e934a200adfb69cdc64c176d7b4c3165bdb42c1e58ed867ed8855dbc835ec7598466e9eb9113eed02c65750c628e0aef5dab751
SSDEEP

196608:rizfQYEPWup0OcOs3aUbFE8RagJ83+m/xEZj6:rM4Y53aYE058OmpYj

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac4e08f78ae18e31e3025d8d9ab2fa9c5fbfb8d90963ff1cfc8025a377803331

Files

ac4e08f78ae18e31e3025d8d9ab2fa9c5fbfb8d90963ff1cfc8025a377803331
.exe windows:5 windows x86 arch:x86

bbcf99bab6d8685a057df666be0ade56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

winmm

waveOutClose

ws2_32

inet_ntoa

version

VerLanguageNameA

rasapi32

RasGetConnectStatusA

kernel32

EnterCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ReleaseDC

gdi32

GetSystemPaletteEntries

winspool.drv

OpenPrinterA

comdlg32

ChooseFontA

advapi32

RegQueryValueExA

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

SafeArrayPutElement

odbc32

ord49

comctl32

ImageList_Create

oledlg

ord8

wininet

HttpSendRequestA

Sections

.text
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbcf99bab6d8685a057df666be0ade56

Headers

File Characteristics

Imports

msvfw32

avifil32

winmm

ws2_32

version

rasapi32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

comctl32

oledlg

wininet

Sections

.text Size: - Virtual size: 4.1MB

.rdata Size: - Virtual size: 5.7MB

.data Size: - Virtual size: 816KB

.vmp0 Size: - Virtual size: 3.2MB

.vmp1 Size: 7.4MB - Virtual size: 7.4MB

.rsrc Size: 44KB - Virtual size: 41KB

.text
Size: - Virtual size: 4.1MB

.rdata
Size: - Virtual size: 5.7MB

.data
Size: - Virtual size: 816KB

.vmp0
Size: - Virtual size: 3.2MB

.vmp1
Size: 7.4MB - Virtual size: 7.4MB

.rsrc
Size: 44KB - Virtual size: 41KB