28e4170675ab3a24df7e071891f539c78a18a80268846c42ca97284b16a9e46c

Sharing

Copy URL Twitter E-mail

General

Target

28e4170675ab3a24df7e071891f539c78a18a80268846c42ca97284b16a9e46c
Size

1.3MB
MD5

302231ae2156a28615dae891473388ce
SHA1

4e82e2e30f2b83f091e9414b7805bf38acb23395
SHA256

28e4170675ab3a24df7e071891f539c78a18a80268846c42ca97284b16a9e46c
SHA512

eff92b934d6896d2caf47cfd3b8db51bc00fe6278685f1b6e5c495afd216120bfec184bd6085b080e685cbf26f03fe4fd6cdc4553c978617a160f957954c9ff7
SSDEEP

24576:GipqWJ51ua8KT4agtdFEeP50usxxC/UQmi0H4QH13OuORp1DKz/:GyqWJ51dTL8dq2jsx4/UTYQH13OusfO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28e4170675ab3a24df7e071891f539c78a18a80268846c42ca97284b16a9e46c

Files

28e4170675ab3a24df7e071891f539c78a18a80268846c42ca97284b16a9e46c
.dll windows:4 windows x86 arch:x86

9ca994e6d1f06195549034205aa42f6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

OffsetRect
MessageBoxA

gdi32

GetDCOrgEx

comdlg32

CommDlgExtendedError

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

DragQueryFileA

comctl32

ImageList_Draw

oledlg

ord3

ole32

OleLockRunning

olepro32

ord253

oleaut32

VariantCopy

msvfw32

DrawDibClose

Exports

Exports

GetInstallDetailsPayload
SignalChromeElf
SignalInitializeCrashReporting
StartAntiLsp

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ca994e6d1f06195549034205aa42f6e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

msvfw32

Exports

Exports

Sections

.text Size: - Virtual size: 1.8MB

.rdata Size: - Virtual size: 130KB

.data Size: - Virtual size: 101KB

.idata Size: - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 12KB

.vmp0 Size: - Virtual size: 76KB

.vmp1 Size: - Virtual size: 864KB

.vmp2 Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 4KB - Virtual size: 140B

.text
Size: - Virtual size: 1.8MB

.rdata
Size: - Virtual size: 130KB

.data
Size: - Virtual size: 101KB

.idata
Size: - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 12KB

.vmp0
Size: - Virtual size: 76KB

.vmp1
Size: - Virtual size: 864KB

.vmp2
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 4KB - Virtual size: 140B