fbfe512fb76054df0ef243ac1928e1fc8c2c15557ad10c2f2dd223dcdf7198ee

Sharing

Copy URL Twitter E-mail

General

Target

fbfe512fb76054df0ef243ac1928e1fc8c2c15557ad10c2f2dd223dcdf7198ee
Size

4.4MB
MD5

e3472dcfd52cf03ddb02640f2a4de986
SHA1

4d6d2c4f4467fea1c5ce18e9270a6e05a23c6fee
SHA256

fbfe512fb76054df0ef243ac1928e1fc8c2c15557ad10c2f2dd223dcdf7198ee
SHA512

fafe46e5c91b0656409c77a1624115df6c5d21700e6341ce2e8fbb6b01e12cb0b6084c0fccf687ad3b2173fcb180dbe491f08e39ac61056a81b26babbc03fb21
SSDEEP

98304:WXLBwhYdeiIVzVw9qRKotOhzhxt4jRYXQc6n//lpPX56iYOe6P2ou/3SpD72:8LuqdAy9o4HpXQc6n3lpvQ7E2ouqFS

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbfe512fb76054df0ef243ac1928e1fc8c2c15557ad10c2f2dd223dcdf7198ee

Files

fbfe512fb76054df0ef243ac1928e1fc8c2c15557ad10c2f2dd223dcdf7198ee
.exe windows:5 windows x86 arch:x86

3125a7ebd46606b7074afa6a83eeaaa0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DrawTextW

gdi32

AddFontMemResourceEx

comdlg32

GetOpenFileNameA

shell32

Shell_NotifyIconA

shlwapi

StrPBrkA

ws2_32

WSAGetLastError

wldap32

ord50

advapi32

CryptImportKey

ole32

CLSIDFromProgID

oleaut32

SysFreeString

comctl32

InitCommonControlsEx

gdiplus

GdipSetStringFormatTrimming

imm32

ImmGetContext

winmm

timeEndPeriod

Sections

.text
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3125a7ebd46606b7074afa6a83eeaaa0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

shlwapi

ws2_32

wldap32

advapi32

ole32

oleaut32

comctl32

gdiplus

imm32

winmm

Sections

.text Size: - Virtual size: 1.7MB

.rdata Size: - Virtual size: 308KB

.data Size: - Virtual size: 26KB

.tls Size: 512B - Virtual size: 17B

.vmp0 Size: - Virtual size: 3.3MB

.vmp1 Size: 4.4MB - Virtual size: 4.4MB

.reloc Size: 512B - Virtual size: 268B

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: - Virtual size: 1.7MB

.rdata
Size: - Virtual size: 308KB

.data
Size: - Virtual size: 26KB

.tls
Size: 512B - Virtual size: 17B

.vmp0
Size: - Virtual size: 3.3MB

.vmp1
Size: 4.4MB - Virtual size: 4.4MB

.reloc
Size: 512B - Virtual size: 268B

.rsrc
Size: 6KB - Virtual size: 5KB