4e14d8085d316385f8d91d3c24284747da364f441ad261f5d60337f2b2fd1163

Sharing

Copy URL Twitter E-mail

General

Target

4e14d8085d316385f8d91d3c24284747da364f441ad261f5d60337f2b2fd1163
Size

5.6MB
MD5

1c48ed6ae8192d3184eb28389debf76e
SHA1

49a23cde8ba25cd8879dfea23b353f7667b83aa4
SHA256

4e14d8085d316385f8d91d3c24284747da364f441ad261f5d60337f2b2fd1163
SHA512

31104b60799ff98376171eb8a54b5b6d0e1549f9ced0d357f440fe551dc5600b8ca0e68dc56d129078f07be0a3086f6d1089dcb7905839e8c11eb1b8277b872d
SSDEEP

98304:U1dou8Bhrh8y6VdrCG/zMd1d5xpadgVmIiHjzkAKBOZXtA2njYM:UkuareDLewgd5klIiUAeiWm

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e14d8085d316385f8d91d3c24284747da364f441ad261f5d60337f2b2fd1163

Files

4e14d8085d316385f8d91d3c24284747da364f441ad261f5d60337f2b2fd1163
.dll windows:6 windows x64 arch:x64

9494d4c31b912a9fc797f659fbf4b11b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

CreateCdmInstance
DeinitializeCdmModule
GetCdmVersion
GetHandleVerifier
InitializeCdmModule_4
VerifyCdmHost_0

Sections

.text
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 761B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9494d4c31b912a9fc797f659fbf4b11b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 148KB

.rdata Size: - Virtual size: 75KB

.data Size: - Virtual size: 13KB

.pdata Size: - Virtual size: 8KB

_RDATA Size: - Virtual size: 244B

.vmp0 Size: - Virtual size: 3.6MB

.vmp1 Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 512B - Virtual size: 184B

.rsrc Size: 1024B - Virtual size: 761B

.text
Size: - Virtual size: 148KB

.rdata
Size: - Virtual size: 75KB

.data
Size: - Virtual size: 13KB

.pdata
Size: - Virtual size: 8KB

_RDATA
Size: - Virtual size: 244B

.vmp0
Size: - Virtual size: 3.6MB

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 512B - Virtual size: 184B

.rsrc
Size: 1024B - Virtual size: 761B