707ca61b0af041e69767c37189721db167318ed89d7609536fedf498c21d2011

Sharing

Copy URL Twitter E-mail

General

Target

707ca61b0af041e69767c37189721db167318ed89d7609536fedf498c21d2011
Size

7.8MB
MD5

ca82ffab14b0a4d7186a2cd77cdbd64a
SHA1

2eaa45d29d9cf328a7d2c9e6b32e962cf2984553
SHA256

707ca61b0af041e69767c37189721db167318ed89d7609536fedf498c21d2011
SHA512

99dfa03435a74d17745e4f2d579d053b2e61ff6454b9148e1a32c599e27b3467ba152e93f25ab554327e53b5e100218e874ebb6bc52143a371ec5da4f63398b0
SSDEEP

98304:md3zAM43/ld3Suh4VjG2TL5BSrzgtHfJjtmtUK/lzT30LFNcF47WMO9oIlVmRlnN:iqT3uVp5ByzgNfJ5mtUK/1zIqvKmVoN

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
707ca61b0af041e69767c37189721db167318ed89d7609536fedf498c21d2011

Files

707ca61b0af041e69767c37189721db167318ed89d7609536fedf498c21d2011
.exe windows:5 windows x86 arch:x86

d725d7ef8c9064f1de6b42e93f882e1f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutGetNumDevs

ws2_32

inet_ntoa

kernel32

GetVersionExA
GetVersion
GetFileAttributesW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetRectEmpty

gdi32

SetViewportOrgEx

winspool.drv

OpenPrinterA

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

VariantChangeType

comctl32

ImageList_Destroy

comdlg32

ChooseColorA

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: - Virtual size: 13.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wsdun2
Size: - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wsdun2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d725d7ef8c9064f1de6b42e93f882e1f

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

msvcrt

iphlpapi

psapi

Sections

.text Size: - Virtual size: 13.2MB

.wsdun2 Size: - Virtual size: 776KB

.idata Size: - Virtual size: 12KB

.wsdun2 Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 569KB

.vmp1 Size: 7.7MB - Virtual size: 7.7MB

.rsrc Size: 160KB - Virtual size: 158KB

.text
Size: - Virtual size: 13.2MB

.wsdun2
Size: - Virtual size: 776KB

.idata
Size: - Virtual size: 12KB

.wsdun2
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 569KB

.vmp1
Size: 7.7MB - Virtual size: 7.7MB

.rsrc
Size: 160KB - Virtual size: 158KB