6a0f30d90c8df668aa3b1825bc7d1e140ad3b21457b91339610a600c3c85d07a

Sharing

Copy URL

Twitter E-mail

General

Target

6a0f30d90c8df668aa3b1825bc7d1e140ad3b21457b91339610a600c3c85d07a
Size

3.9MB
MD5

c6e75e096433767f459cbc8d5876b78e
SHA1

195fde566d4056c03802d2b0407e0168bf0c002c
SHA256

6a0f30d90c8df668aa3b1825bc7d1e140ad3b21457b91339610a600c3c85d07a
SHA512

39cf9d26acb42978c97bba28facb4f26b7b2721ef80bccea0da6aa86fc83f53cae0774809b48a39de3f33c69a41008b0864bffd356eb096e4e9c7bbea8fb3e67
SSDEEP

49152:wRYJKzGfHwu9zixesy8kbwQUyWOfqorfo4NLYaLjJl4jFVzab5YPzcuHdn4Tu5:IY9fHzigwtV9QfSaZCHmbi/9ou5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a0f30d90c8df668aa3b1825bc7d1e140ad3b21457b91339610a600c3c85d07a

Files

6a0f30d90c8df668aa3b1825bc7d1e140ad3b21457b91339610a600c3c85d07a
.exe windows:6 windows x86 arch:x86

567e2e5c4f79227d02ce3f0f41d26cc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

components

?global_app_downloads_dir@configure@@3VQString@@A

updater

??1Updater@@UAE@XZ

qtextension

?staticMetaObject@PluginManager@Extension@@2UQMetaObject@@B

qtframework

?startup@IModuleManager@@SAXXZ

kernel32

WideCharToMultiByte
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

CommandLineToArgvW

qtmodemanager

?mainWindow@ModeManager@Core@@SAPAVQWidget@@XZ

qtcomponents

?generatePixmap@StyleHelper@Utils@@SA?AVQPixmap@@ABVQString@@VQSize@@@Z

qtutils

?withExecutableSuffix@HostOsInfo@Utils@@SA?AVQString@@ABV3@@Z

qt5widgets

?wheelEvent@QWidget@@MAEXPAVQWheelEvent@@@Z

qt5gui

??1QIcon@@QAE@XZ

qt5core

?start@QThread@@QAEXW4Priority@1@@Z

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__std_type_info_name

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_crt_atexit

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

567e2e5c4f79227d02ce3f0f41d26cc1

Headers

DLL Characteristics

File Characteristics

Imports

components

updater

qtextension

qtframework

kernel32

shell32

qtmodemanager

qtcomponents

qtutils

qt5widgets

qt5gui

qt5core

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 1KB - Virtual size: 2KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.vmp0 Size: 1.6MB - Virtual size: 1.6MB

.vmp1 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 10KB - Virtual size: 9KB

.rsrc Size: 366KB - Virtual size: 365KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 1KB - Virtual size: 2KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.vmp0
Size: 1.6MB - Virtual size: 1.6MB

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 366KB - Virtual size: 365KB