14871ed87bb1c6657e6a5c6ee4edce60N

Sharing

Copy URL Twitter E-mail

General

Target

14871ed87bb1c6657e6a5c6ee4edce60N
Size

1.7MB
MD5

14871ed87bb1c6657e6a5c6ee4edce60
SHA1

016f00467979665c67687d31ca73920086d676cb
SHA256

d7c694a80183891568f755793b33375e9218f74fb59477b57a1234a2c3988d05
SHA512

ac6fcf0693dad202d94bd528a66bc0734d0f2462790c407163b1e24ecd93d319f5c31e27324e7236e29a43bbfe1d79ea36255bedae7969df9a44c135d7dc46f1
SSDEEP

24576:IGRZBub2rkzeZLe1ZZ2LoVXJuVEPkg/L3IUm6anqBn4b5VxndZTUSW5KRu:FBzkz6Le1ZEoVXJAAQ6cLTUhG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14871ed87bb1c6657e6a5c6ee4edce60N

Files

14871ed87bb1c6657e6a5c6ee4edce60N
.exe windows:4 windows x86 arch:x86

f9b1265b7c7b68285832037ca6ab184f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamClose

ws2_32

bind

rasapi32

RasHangUpA

kernel32

SetLastError
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

LoadStringA
MessageBoxA

gdi32

CreateRectRgn

winspool.drv

DocumentPropertiesA

comdlg32

GetFileTitleA

advapi32

InitializeSecurityDescriptor

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_DragLeave

wininet

InternetCloseHandle

Sections

.text
Size: - Virtual size: 637KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9b1265b7c7b68285832037ca6ab184f

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

wininet

Sections

.text Size: - Virtual size: 637KB

.rdata Size: - Virtual size: 1.5MB

.data Size: - Virtual size: 596KB

.rsrc Size: 364KB - Virtual size: 381KB

.vmp0 Size: - Virtual size: 179KB

.vmp1 Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 4KB - Virtual size: 228B

.text
Size: - Virtual size: 637KB

.rdata
Size: - Virtual size: 1.5MB

.data
Size: - Virtual size: 596KB

.rsrc
Size: 364KB - Virtual size: 381KB

.vmp0
Size: - Virtual size: 179KB

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 4KB - Virtual size: 228B