OPENSSL_Applink
General
-
Target
VCRUNTIME149D.exe
-
Size
28.8MB
-
MD5
6cf9071def060435cb462744d5ddc1af
-
SHA1
cf99941f4f1375a6180c6c1de083c743fa704182
-
SHA256
d72c951cbcbb7e56d07e6039a405b06f779fb9c40d99e355d0c71f265858f7b1
-
SHA512
c3f3317d447d452655a9c2512fd3c3833d70332aec84ef028b01d05b26802345666e00b9ed2a60ab777339ee7bf6cb0ddd5d9c2dcc34f0bb5550d366cbacfcbf
-
SSDEEP
393216:NVn51M7g+UWqhwDdbX21LYEMLKcGid8bSDw61c/MBzCl+L9YoJ1DrDB:Fqk+ZbmdYEM9GcDw6Ja+LW8rD
Score
7/10
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource VCRUNTIME149D.exe
Files
-
VCRUNTIME149D.exe.exe windows:6 windows x64 arch:x64
b0219d364144a24f8104ef9f7bfb8c2d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
LocalFree
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
CreateDesktopA
gdi32
CreateSolidBrush
advapi32
CryptGetHashParam
shell32
SHGetFolderPathW
libssl-3-x64
OPENSSL_init_ssl
msvcp140
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
ntdll
RtlVirtualUnwind
d3d11
D3D11CreateDeviceAndSwapChain
ws2_32
getpeername
crypt32
CertFreeCertificateChain
imm32
ImmGetContext
d3dcompiler_43
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
normaliz
IdnToAscii
wldap32
ord79
shlwapi
PathFindFileNameW
rpcrt4
RpcStringFreeA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception
api-ms-win-crt-stdio-l1-1-0
fseek
api-ms-win-crt-runtime-l1-1-0
exit
api-ms-win-crt-heap-l1-1-0
_set_new_mode
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-math-l1-1-0
pow
api-ms-win-crt-convert-l1-1-0
atoi
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
api-ms-win-crt-string-l1-1-0
strcspn
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
api-ms-win-crt-time-l1-1-0
_localtime64
api-ms-win-crt-environment-l1-1-0
getenv
Exports
Exports
Sections
.text Size: - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 263KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 18.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp2 Size: 28.8MB - Virtual size: 28.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ