68cc5c2ca0c78317a2dabe528e1d89705e03cd534e2f1387c854f1457c109fcd[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

68cc5c2ca0c78317a2dabe528e1d89705e03cd534e2f1387c854f1457c109fcd.exe
Size

5.6MB
MD5

dabb7b6d295651ab4d281e3d01a4816b
SHA1

2b4cacf1e297604edcbc2149182abe413eab0f6f
SHA256

68cc5c2ca0c78317a2dabe528e1d89705e03cd534e2f1387c854f1457c109fcd
SHA512

5fc742102f8d9a9ae527d5f7cec4fdeeaa3246e2e237b3fac8c187e7c130d428f449479603e30713310e801a8d98172d5f6b12aadf6ae0f05353c4cc984dc4a0
SSDEEP

98304:Qr1eZRfOlXDCcQrgVV6EU4YKV6f+LNCFUdjhCgoJIB0BaOXWgMkCCAMOMvuaXwLQ:QafONCZgVY46f+6UNPNuXdAMOIULyt8Y

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68cc5c2ca0c78317a2dabe528e1d89705e03cd534e2f1387c854f1457c109fcd.exe

Files

68cc5c2ca0c78317a2dabe528e1d89705e03cd534e2f1387c854f1457c109fcd.exe
.exe windows:6 windows x86 arch:x86

03e166c012c82ced405ded074d5e68af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

GetUserNameA

crypt32

CryptUnprotectData

bcrypt

BCryptOpenAlgorithmProvider

ws2_32

select

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03e166c012c82ced405ded074d5e68af

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

crypt32

bcrypt

ws2_32

wtsapi32

Sections

.text Size: - Virtual size: 383KB

.rdata Size: - Virtual size: 67KB

.data Size: - Virtual size: 9KB

.vmp0 Size: - Virtual size: 3.2MB

.vmp1 Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 66KB - Virtual size: 65KB

.text
Size: - Virtual size: 383KB

.rdata
Size: - Virtual size: 67KB

.data
Size: - Virtual size: 9KB

.vmp0
Size: - Virtual size: 3.2MB

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 66KB - Virtual size: 65KB