9c2bab6fc93db69b1b4771a0f599255728c8a1d0636a4c23f74190ef5f5def91

Sharing

Copy URL

Twitter E-mail

General

Target

9c2bab6fc93db69b1b4771a0f599255728c8a1d0636a4c23f74190ef5f5def91
Size

5.0MB
MD5

c182610dd437f90d0cc6cb0ac19cfdb7
SHA1

9729820748673938e057ce74d007b758f6f9b195
SHA256

9c2bab6fc93db69b1b4771a0f599255728c8a1d0636a4c23f74190ef5f5def91
SHA512

618bb4559c36eec0b8e3552c16b94b0060d68186b9864ca6670d8a17225088a69a498a367a226f5944a3b7d79a61565cd7123e27001053000b6d42d86352051a
SSDEEP

98304:MnoqQ2Dy7wvvr8uFMhXXQJFIR+UaULp7x7/urAM9TIURVY+ck4Mh:EQxilFMhXgJhUaUN7xDurHTvRVnh

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

9c2bab6fc93db69b1b4771a0f599255728c8a1d0636a4c23f74190ef5f5def91
.exe windows x86

cef18ef6b6b2eb5c840f76e4d4bf91a3

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

i�m��]A�}q��9BwU�:��[��5]kPDQ��Q��v5}u��ZQ�M��u�_�q+u}��@�k��k8��oM-�ڱ��b�Zи!M aP��."��Z`�<ۥjN\�4H��9S[k.�3ۡ�*v��/��}񜼥ۿ�-��i��n,e��e��T�H��B��;�s4#}��_��vus��QeV�hH��<v�O��T�[��q�IdP�O�?��H�=�o��{�?�Q�5i��@�菣�N�,l딳��E^�$��_��BW�茰󹙒��W��6��Ӧ�/ES��l��3��n��,�rn1V��Lز��S��U��߰�_��%��&"\ �*�֩ɜWqK��]·�6I�x��F:��vQ�1-��WVw�!A�^1;� ze%��|`K�,&��v~?��M ��S+?��7��tZo �)\s|��#b��% y��C�6N��{B��%t�bG�Y��h��M��1�T��Jp!��]�IL�)� {�Z/�L�7��B"�#�5B�tҶ�ybY/Y!�)��7[,w�+`>ȷy�&��A��b�jS/�e/��,�wBd�oɰM%^��aO�W;��eՅ�!.��ͯ�q>#�,=��n�7owyg��}��c ��z\�=6_@O/�{�bBO��M�T��k��h�'/�aU��P~vɉ�Xaxw�E�Eir�t_��]��ă[gID��x�ɯD�tjB}��mӁ2��B��m��y|��[�#"H��9��xx��1�ɕ�\�FCp�+>�>� @7��bJ\��=�*w�BĒ΂�Ĕ��k @˵d��*�o��mu��³z��7�f�t�+<��dEY*>4�޹�^2+|�o�"e�_�d�eP OXnz~�T'��U)��4!7 �C�M��='��&�`��X'�P��k"�5�� 8�s1�v�=��n��O �eU�Xk��Dϖ�fQT2,7�g(��c��~�m�@,j��P� 䢱'3��k ]<�)C�3 ��f�$L��H�@� ��$��Ғ��H�-�aߧ{��ȓG��B�X��IcL0��`�N6V6�)#��a�o��策�Zѵ�P��u�5!]��\CF5Zȇ�CLj��^è��tH��A'Jpk��H�R�j�m�=M�{��r�>ە~�t-��\@�%i��n|醸89 #R:�ۉ�"�?��=��nh}��.�(��{Pꆁ�� qǹF��6G��3�c-��@��n�5<��[�(��j��(\4�'�{��_��Q8��,m��nb-c�Wc�/��/� �4�=�&s�\�\��ޟ`Qnq��K&3��2Ed�`�Z��lұ}�~��"v�Q%��=f��zAX��@�R�H~z�A�d�p�ͬK1#a��1W��X��(\@��6�`|�)�'[�Fs��,��$W��7hu�Q��rCQ|F�{�7�-r�C�3��F��6�Y$�Z�)S��K�>��h�w��U�0��}�ӓ�hl6?��q�0pY��ήt/W��s��m�r(��ڈ� H�K��7��΋6�� :a��6+��v��c�.yD�`@�8��j��o"��;��gR�� e��: ��'6C��͎��<�Z�I�S��]�9��E�r��2G�J\%��i<FH��|��l��O�!3�>*�L,�c� ��=��m8Y�y W+��a�Ǔ\�ǭfK��N"� ��o�ЀV�[bN�D�UtН��op9��$<gr6ڎ�PP'w5��˽�l��g��G�S�Ö��_Q�� A� .FS�R׸V��i��ӣW�A2H��74Rx|� f��"K��z�Fh�U~�L��#ō,��VE�c�nn��I�v�%�F��s_P~SOX�a�%L؁��w�V��'�5Ƃ�8I��49� ��+�M��0IwtR6c�s8e�c��rά�(2>k��-V�� ߠ�/N�*ve5��Ȅ��<��by�I�K,O��3T��l��ڦ�Aȉ)+<M�8Z&(LW�e!�W!w�� X�6R��0&>��8D�kfXl��a'� !AXI��PY�v��}��UlU�=�YSϯ!��oσk��>r�l�쉓9#2E��v��q3KD�cr��|��=�!��PH��M��EF�A�a��a�=�J2t�=~;��m!=��l�~ C��v��O9>�IϨ��3G��<�w��'gl$��9��3��K��b{Q�+q��s�|`��_2(�v�-Wq�"'��<��Jek��\2y5=g �l�ZF �.�,\�� qw�.�T^�D+ N�b�,5��e�~f�d��o��ÿʊ?�`�2Oe>}OY�7$q�E玨��J6��ReW�0�ș��}#��sOC��f�$2��>l�r+<y�W��:�}��,�[/z��>��@�N��F��Ϗ��ّ��p(!��p��Dq|�Q�� W��F��C�?�-{��O�e�HdæUl�߹ ��.)4u�'��)�&DNF)�a��~�ͽʺ�ghp��eO��z� �|o�KƂN%��,A6&&��s�gG��{��k]_JNG�,Zא��144)J��L�<�9�g��>C[�;�?�#��t��F��P�W�@�,�Tpv�<i<i ��Ǫ�L�A��z՝�;h��*�p� ��#]��#�$%;�c�u�vI�A��?�nl��\� ��+϶�O��R\�Gw.;2'�8��Z��ĳ��;cx��˱+U�kO��M� �� m��A�Tͪ�&�员G��q�'�b��wd�i�7�^2�

Sections

.flat
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.api
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cef18ef6b6b2eb5c840f76e4d4bf91a3

Code Sign

Headers

File Characteristics

Imports

kernel32

wtsapi32

user32

Exports

Exports

Sections

.flat Size: 14KB - Virtual size: 13KB

.data Size: - Virtual size: 1024B

.api Size: 512B - Virtual size: 312B

.vmp0 Size: 2.8MB - Virtual size: 2.8MB

.vmp1 Size: 2.2MB - Virtual size: 2.2MB

.flat
Size: 14KB - Virtual size: 13KB

.data
Size: - Virtual size: 1024B

.api
Size: 512B - Virtual size: 312B

.vmp0
Size: 2.8MB - Virtual size: 2.8MB

.vmp1
Size: 2.2MB - Virtual size: 2.2MB