e3e1676c0a1bc152e33a9df9a44808a115ad7d7c5328e03aea6cbf0cec68966f

Sharing

Copy URL Twitter E-mail

General

Target

e3e1676c0a1bc152e33a9df9a44808a115ad7d7c5328e03aea6cbf0cec68966f
Size

14.3MB
MD5

3a014d85d1617aab64507dda8d858d4f
SHA1

8a1c9585b7266ed4dbd5e728b19cfb66141d1df9
SHA256

e3e1676c0a1bc152e33a9df9a44808a115ad7d7c5328e03aea6cbf0cec68966f
SHA512

f27f3f185ffe86ee1fd3dd2a177a10455f6d8c07e1c16f6b7b956e2a4e04007d8f7a760e5795145162863ff5fa8d939890e99c8c2efb18970eb0609af105fb4f
SSDEEP

196608:M+YosSDHvcv3RCuavumUrPjBgeiJOuiKLBuCMbxttokozaQDfM6DDUhd5wfsesf:ZYjoH0voRG6eiJOuGCUWakfFDoh85sf

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e3e1676c0a1bc152e33a9df9a44808a115ad7d7c5328e03aea6cbf0cec68966f

Files

e3e1676c0a1bc152e33a9df9a44808a115ad7d7c5328e03aea6cbf0cec68966f
.exe windows:5 windows x86 arch:x86

4f83ae17a2d03dfaaf6ae6f19ebcc291

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\VS2015\DunRunGate\Release\GameLogin.pdb

Imports

kernel32

GetVersionExA
SetFileTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

AdjustWindowRect

gdi32

SetDIBitsToDevice

advapi32

RegOpenKeyExA

shell32

ShellExecuteA

ole32

CoGetClassObject

oleaut32

VariantClear

shlwapi

PathIsDirectoryA

comctl32

InitCommonControlsEx

wininet

InternetReadFile

ws2_32

closesocket

psapi

GetProcessImageFileNameA

crypt32

CertEnumCertificatesInStore

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.4MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f83ae17a2d03dfaaf6ae6f19ebcc291

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

ws2_32

psapi

crypt32

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 583KB

.data Size: - Virtual size: 37KB

.gfids Size: - Virtual size: 252B

.vmp0 Size: - Virtual size: 2.4MB

.vmp1 Size: 2.4MB - Virtual size: 2.3MB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 583KB

.data
Size: - Virtual size: 37KB

.gfids
Size: - Virtual size: 252B

.vmp0
Size: - Virtual size: 2.4MB

.vmp1
Size: 2.4MB - Virtual size: 2.3MB

.rsrc
Size: 32KB - Virtual size: 31KB