6fcfb7e85edde45e54a3621f13221f01b9328800aa25976be777394b6acdbe4a

Sharing

Copy URL Twitter E-mail

General

Target

6fcfb7e85edde45e54a3621f13221f01b9328800aa25976be777394b6acdbe4a
Size

2.1MB
MD5

2917d80b48e490d93491492b66acee99
SHA1

0f8425ead343dde437f21c664df756b1856f5ceb
SHA256

6fcfb7e85edde45e54a3621f13221f01b9328800aa25976be777394b6acdbe4a
SHA512

dab10881c07ecfd77e64905f590d1ff65c858738ca33ddd6459b32a327c1e5cacdd2e9f33b0f012f6c422f158f7414d99bcc50ff010a6f809af14b7aeaf6fe1f
SSDEEP

49152:sSd6PYURbFDMrDDbwJl9AxpiefSZJtz1U8yyn1AFZPqqo:r6PfRfJLAOmqJ5S8yUmPqqo

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fcfb7e85edde45e54a3621f13221f01b9328800aa25976be777394b6acdbe4a

Files

6fcfb7e85edde45e54a3621f13221f01b9328800aa25976be777394b6acdbe4a
.exe windows:5 windows x86 arch:x86

4f196ca2121a4c41f14566beeaf374d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutUnprepareHeader

ws2_32

WSAStartup

rasapi32

RasHangUpA

kernel32

GetVersionExA
GetVersion
GetStartupInfoA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ExitWindowsEx

gdi32

SetPixelV

msimg32

GradientFill

winspool.drv

DocumentPropertiesA

advapi32

RegDeleteValueA

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

VariantCopyInd

comctl32

ImageList_SetBkColor

wininet

InternetSetOptionA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1003KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f196ca2121a4c41f14566beeaf374d3

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 1.7MB

.rdata Size: - Virtual size: 492KB

.data Size: - Virtual size: 460KB

.vmp0 Size: - Virtual size: 1003KB

.vmp1 Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 268KB - Virtual size: 266KB

.text
Size: - Virtual size: 1.7MB

.rdata
Size: - Virtual size: 492KB

.data
Size: - Virtual size: 460KB

.vmp0
Size: - Virtual size: 1003KB

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 268KB - Virtual size: 266KB