f6793e044e5db60eeac56f7011e484d714a2912c484b1e29773fd85a51d74c47

Sharing

Copy URL Twitter E-mail

General

Target

f6793e044e5db60eeac56f7011e484d714a2912c484b1e29773fd85a51d74c47
Size

14.3MB
MD5

bac661a7ccd5b9f1cf1f2da1ec63b199
SHA1

564ee4c3fcc20735dd26dd78be4a5d177b938a7a
SHA256

f6793e044e5db60eeac56f7011e484d714a2912c484b1e29773fd85a51d74c47
SHA512

8a642fb61f28bb253373eb7693a301e3a8a07ce00af14f8b998da545769ff248dd4eaed3b9f7c2d74b5667bb1fb6f1a5d6c897927b45a24c8007cbac6fc1dd2c
SSDEEP

196608:7HykHA1h5mIZ4XQF41odAtwW2fiZIo2NjLwv6bhnRx6F++GFVZUwI5J:VCrmIZ16cRhGIo2N/K6bh3a+VZU/5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6793e044e5db60eeac56f7011e484d714a2912c484b1e29773fd85a51d74c47

Files

f6793e044e5db60eeac56f7011e484d714a2912c484b1e29773fd85a51d74c47
.exe windows:5 windows x86 arch:x86

5ce60c0413f655c8a524adb98f42fb18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

winmm

midiOutPrepareHeader

ws2_32

WSAStartup

kernel32

GetVersionExA
GetVersion
lstrcmpiA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDC

gdi32

ExcludeClipRect

winspool.drv

ClosePrinter

advapi32

RegOpenKeyExA

shell32

ShellExecuteA

ole32

CLSIDFromString

oleaut32

LHashValOfNameSys

comctl32

ImageList_Destroy

wininet

InternetConnectA

comdlg32

GetOpenFileNameA

Sections

.text
Size: - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 12.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 911KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 14.3MB - Virtual size: 14.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ce60c0413f655c8a524adb98f42fb18

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 824KB

.rdata Size: - Virtual size: 12.3MB

.data Size: - Virtual size: 468KB

.vmp0 Size: - Virtual size: 911KB

.vmp1 Size: 14.3MB - Virtual size: 14.3MB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: - Virtual size: 824KB

.rdata
Size: - Virtual size: 12.3MB

.data
Size: - Virtual size: 468KB

.vmp0
Size: - Virtual size: 911KB

.vmp1
Size: 14.3MB - Virtual size: 14.3MB

.rsrc
Size: 8KB - Virtual size: 6KB