f633e07a4128fe6fc2ebf45fc6557d95d592d85a91b4fd1b1ca2d24ab3a3afef

Sharing

Copy URL

Twitter E-mail

General

Target

f633e07a4128fe6fc2ebf45fc6557d95d592d85a91b4fd1b1ca2d24ab3a3afef
Size

746KB
MD5

c573e16cdb7c80bb8ec9990ce9703625
SHA1

28729600a0d12b0cc95d8e5b114e0e123b7e67f2
SHA256

f633e07a4128fe6fc2ebf45fc6557d95d592d85a91b4fd1b1ca2d24ab3a3afef
SHA512

6972502184c2ae9045f52033642d37f2c44a6babc4cd0ba3c0e43f804501b9eae821835e0a410f07e682e3fedf77c2249ab168a1c9993dfad0c8ae53667b74d8
SSDEEP

12288:vVbnhCmgqTp0/Ioqdl7Z01YFF3vOLI1CyjLsiydCoKsiB7228T50OixGNKbT:NzExi5Z5T3vO2ifKsiB778T+OiuKv

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f633e07a4128fe6fc2ebf45fc6557d95d592d85a91b4fd1b1ca2d24ab3a3afef

Files

f633e07a4128fe6fc2ebf45fc6557d95d592d85a91b4fd1b1ca2d24ab3a3afef
.exe windows:5 windows x86 arch:x86

095bc646264b30427c4ea0c8f0eaf1c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\编程代码\最新\最新一套\小何一次性及服务\03.ycx\Release\Project1.pdb

Imports

kernel32

OpenThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegEnumKeyExA

ole32

CoCreateInstance

oleaut32

SysAllocString

ws2_32

gethostbyname

vcruntime140

__telemetry_main_return_trigger

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-runtime-l1-1-0

_c_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 744KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

095bc646264b30427c4ea0c8f0eaf1c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

ws2_32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

Sections

.text Size: - Virtual size: 13KB

.idata Size: - Virtual size: 2KB

.vmp0 Size: - Virtual size: 671KB

.vmp1 Size: 744KB - Virtual size: 744KB

.reloc Size: 512B - Virtual size: 96B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 13KB

.idata
Size: - Virtual size: 2KB

.vmp0
Size: - Virtual size: 671KB

.vmp1
Size: 744KB - Virtual size: 744KB

.reloc
Size: 512B - Virtual size: 96B

.rsrc
Size: 512B - Virtual size: 469B