72f379fc1f3d1d948982f370fe1e12913efd858e109f3ffffb437d59d5549f4f

Sharing

Copy URL

Twitter E-mail

General

Target

72f379fc1f3d1d948982f370fe1e12913efd858e109f3ffffb437d59d5549f4f
Size

2.6MB
MD5

d4fadd938d04407579058eef25430db3
SHA1

41b18306a10699b68761522a0072779c1e5047eb
SHA256

72f379fc1f3d1d948982f370fe1e12913efd858e109f3ffffb437d59d5549f4f
SHA512

bc207aad6b38bfe56fa43290c45803682b5b3ea3128f6f3cc57b53b357b7524e531cf008ce8661ffba0d1900c9dd223b9f3db579f3c758323a727e9496e83cdb
SSDEEP

49152:XrOKqaJ7Szu+6PcEcxvk/cocdB4h5l5uc1ykKKB/JI7OEXiuEqs5ow0hr5KdGjQE:Xr1kvxCcda5uc1ykKG/2OEXijqskAAj7

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72f379fc1f3d1d948982f370fe1e12913efd858e109f3ffffb437d59d5549f4f

Files

72f379fc1f3d1d948982f370fe1e12913efd858e109f3ffffb437d59d5549f4f
.exe windows:5 windows x86 arch:x86

d266ab8c2f207e6cd80078629b45119a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersion
GetVersionExA
GetVersion
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowDC

advapi32

RegSetValueExA

oleaut32

SafeArrayRedim

version

GetFileVersionInfoSizeA

gdi32

SetAbortProc

ole32

CoTaskMemFree

comctl32

ImageList_ReplaceIcon

winspool.drv

DocumentPropertiesA

shell32

Shell_NotifyIconA

comdlg32

GetOpenFileNameA

wsock32

accept

hid

HidP_GetCaps

setupapi

SetupDiGetClassDevsA

msvcrt

memset

Sections

CODE
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

splasher
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d266ab8c2f207e6cd80078629b45119a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

winspool.drv

shell32

comdlg32

wsock32

hid

setupapi

msvcrt

Sections

CODE Size: - Virtual size: 3.0MB

DATA Size: - Virtual size: 212KB

.idata Size: 200KB - Virtual size: 200KB

.vmp0 Size: - Virtual size: 168KB

.aspack Size: - Virtual size: 8KB

splasher Size: - Virtual size: 160KB

.vmp1 Size: - Virtual size: 624KB

.vmp2 Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 512B - Virtual size: 296B

.rsrc Size: 2KB - Virtual size: 2KB

CODE
Size: - Virtual size: 3.0MB

DATA
Size: - Virtual size: 212KB

.idata
Size: 200KB - Virtual size: 200KB

.vmp0
Size: - Virtual size: 168KB

.aspack
Size: - Virtual size: 8KB

splasher
Size: - Virtual size: 160KB

.vmp1
Size: - Virtual size: 624KB

.vmp2
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 512B - Virtual size: 296B

.rsrc
Size: 2KB - Virtual size: 2KB