2780321d6141563a29c3688b47bf48627322dbad2e7e1da7551cd1ff92056050 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2780321d6141563a29c3688b47bf48627322dbad2e7e1da7551cd1ff92056050
Size

4.3MB
MD5

1cd5e3930b897960adec95a7bd2bc5f0
SHA1

0735d6881c99a9e4db9d960c86720af1f5e337ad
SHA256

2780321d6141563a29c3688b47bf48627322dbad2e7e1da7551cd1ff92056050
SHA512

433a24a2f5359aac657584577ef6739226d0ca52e083db9f488280d197e4d01375c8c61e5dfce2498aae1b4b43a869bf956e1858859bee92066f3d0f8393ad07
SSDEEP

98304:MhjcCu6ReMg8pMFKmXNHpKZnrCXnG5S/kAzsqQ3aEZ6e8m0:JPWSKO0rCR/kAzsqYTZvu

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
static1/unpack001/Plain Craft Launcher 2.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Plain Craft Launcher 2.exe

Files

2780321d6141563a29c3688b47bf48627322dbad2e7e1da7551cd1ff92056050
.zip
Plain Craft Launcher 2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ