7e1569e91d4b16b4c46304d3e5fb26f8b25b4cce0f5e15af54c13521def6fac9

Sharing

Copy URL Twitter E-mail

General

Target

7e1569e91d4b16b4c46304d3e5fb26f8b25b4cce0f5e15af54c13521def6fac9
Size

10.0MB
MD5

677c3c9d912659cc7e5067c91b6923a9
SHA1

d8a8571f0aa5132de99658750a1d824c76eefe10
SHA256

7e1569e91d4b16b4c46304d3e5fb26f8b25b4cce0f5e15af54c13521def6fac9
SHA512

12729cdd4b4eae9e52e838eac2c9df302a068b6918c0e44985fb6c33fd5a2a0328cbc4b7c172a7599abf0a49a9d6039ba95b52b17783b795969ceed668adae1b
SSDEEP

196608:IPpo2Y8EIlgPh+7yDmO6UYClR/ds6f9ptSE4/+wMw71ONWU8aWXOdMZouH7tntRi:T2iIC4WDv6UYedI/+wMNgOWXOCZoubR6

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e1569e91d4b16b4c46304d3e5fb26f8b25b4cce0f5e15af54c13521def6fac9

Files

7e1569e91d4b16b4c46304d3e5fb26f8b25b4cce0f5e15af54c13521def6fac9
.exe windows:5 windows x86 arch:x86

a2cb09c4ffbcd7748dce03a7b0c7218e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOpen

ws2_32

ioctlsocket

kernel32

GetVersionExA
GetVersion
GetTimeZoneInformation
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsDialogMessageA

gdi32

GetStockObject

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

ole32

OleUninitialize

oleaut32

SafeArrayGetLBound

comctl32

ImageList_Destroy

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2cb09c4ffbcd7748dce03a7b0c7218e

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Sections

.text Size: - Virtual size: 796KB

.rdata Size: - Virtual size: 11.7MB

.data Size: - Virtual size: 378KB

.vmp0 Size: - Virtual size: 2.0MB

.vmp1 Size: 10.0MB - Virtual size: 10.0MB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: - Virtual size: 796KB

.rdata
Size: - Virtual size: 11.7MB

.data
Size: - Virtual size: 378KB

.vmp0
Size: - Virtual size: 2.0MB

.vmp1
Size: 10.0MB - Virtual size: 10.0MB

.rsrc
Size: 16KB - Virtual size: 13KB