Point Blank Hilesi BKBTB[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Point Blank Hilesi BKBTB.rar
Size

7.6MB
MD5

7ed8793c2c47a37aae1b89c1cde595ed
SHA1

d8c1b7d9a9969cf517ac24f41b2aec61fad0f9a8
SHA256

f2ca9802ec0f8fe2ed43b087e913a548e123788e74839be09eab25eee3a31ec1
SHA512

13da042b9755619fd57554374a09ed0536da9fa0612c587b23859008450d8d6512b6b54674660c88e368615e2fc48d3015e5165c880a6387405438dc9fcee8f1
SSDEEP

196608:6Zs5eEhRggKQRlcdCKkODs6MKYZyS47x/h5:6Zs5BRggBAMKzt1r

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Point Blank Hilesi BKBTB/freeSEC.exe	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Point Blank Hilesi BKBTB/Oyun Savar.exe
unpack001/Point Blank Hilesi BKBTB/freeSEC.exe

Files

Point Blank Hilesi BKBTB.rar
.rar
Point Blank Hilesi BKBTB/Oyun Savar.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Berkant\Desktop\AdsVX\AdsVX\obj\Debug\Oyun Savar.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Point Blank Hilesi BKBTB/freeSEC.exe
.exe windows:6 windows x86 arch:x86

a3522c980a2c73fb0bf357d05ff65ac9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

kernel32

GlobalUnlock
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowThreadProcessId
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

_Xtime_get_ticks

imm32

ImmSetCandidateWindow

vcruntime140

memchr

api-ms-win-crt-stdio-l1-1-0

fwrite

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-math-l1-1-0

ceil

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rsrc Size: 113KB - Virtual size: 113KB

.reloc Size: 512B - Virtual size: 12B

a3522c980a2c73fb0bf357d05ff65ac9

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

msvcp140

imm32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Sections

.text Size: - Virtual size: 221KB

.rdata Size: - Virtual size: 290KB

.data Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 3.1MB

.vmp1 Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: 2.3MB - Virtual size: 2.3MB

.rsrc
Size: 113KB - Virtual size: 113KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 221KB

.rdata
Size: - Virtual size: 290KB

.data
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 3.1MB

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B