0cf11fdb869010618b5e659ecc2ebcc67e291c64583705586ceff6442b922769

Sharing

Copy URL Twitter E-mail

General

Target

0cf11fdb869010618b5e659ecc2ebcc67e291c64583705586ceff6442b922769
Size

1.9MB
MD5

083bcd3ee10d29d925d4db1fe91d8eed
SHA1

c034e5f758e77314a8a7f5c9e7a170fa97a08a47
SHA256

0cf11fdb869010618b5e659ecc2ebcc67e291c64583705586ceff6442b922769
SHA512

73beeaa87bbb2f4a449062cae1678e9de478a1d4de95a2160215f7cd9340bb7e60429e6b0d4f1d02b7d3c7997ee13458ff78f8633a46c16f3c75fdd17f135d56
SSDEEP

49152:RwgKliMdQLuWzWaBbTQxfWDstaIuoCdge:RzE+RW4QxflQ7dH

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cf11fdb869010618b5e659ecc2ebcc67e291c64583705586ceff6442b922769

Files

0cf11fdb869010618b5e659ecc2ebcc67e291c64583705586ceff6442b922769
.exe windows:5 windows x86 arch:x86

97ec27703f75b2bc7f9865e8d6f9dad3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

windivert

WinDivertClose

kernel32

GetVersionExA
LoadLibraryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

user32

MessageBoxW
CharUpperBuffW

advapi32

RegEnumKeyExW
RegCloseKey
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

iphlpapi

GetAdapterIndex

ws2_32

ioctlsocket

psapi

GetProcessImageFileNameW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97ec27703f75b2bc7f9865e8d6f9dad3

Headers

DLL Characteristics

File Characteristics

Imports

windivert

kernel32

user32

advapi32

iphlpapi

ws2_32

psapi

wtsapi32

Sections

.text Size: - Virtual size: 356KB

.rdata Size: - Virtual size: 95KB

.data Size: - Virtual size: 9KB

.gfids Size: - Virtual size: 1024B

.tls Size: 512B - Virtual size: 9B

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 512B - Virtual size: 276B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 356KB

.rdata
Size: - Virtual size: 95KB

.data
Size: - Virtual size: 9KB

.gfids
Size: - Virtual size: 1024B

.tls
Size: 512B - Virtual size: 9B

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 512B - Virtual size: 276B

.rsrc
Size: 1KB - Virtual size: 1KB