b1a6bd454f8e723bd8f1b856b336c844[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b1a6bd454f8e723bd8f1b856b336c844.exe
Size

13.4MB
MD5

b1a6bd454f8e723bd8f1b856b336c844
SHA1

e50b78534ab2761b9f654333f81be3a60f736eb9
SHA256

d0fd88199448558df5b8c56936e822aea87f9149c23682004edbf36f28bfb78e
SHA512

2bff70684886914c8affa398dda0f801dc22d8f7d0a2a4f2578378f387744c6548779fd2065c7ddde3757d4c3786c40b6006aa1a371ea0b0c1a0ef425ecccd80
SSDEEP

393216:D9Lrz7P8nN59nOgZcuZgU8OJlqoJAnXrugAVXQsM:DJ7knNfOgeuyzUlfJAnXl

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

b1a6bd454f8e723bd8f1b856b336c844.exe
.exe windows x86

9ebcd018a747182c37aabf2ab1139666

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

strlen

kernel32

CreateProcessA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

A�:N��z�f�4��,k�{&� RR�8��E��lA�%VT]��P��Y'ȭ��hDmw��*�м BP��A�y�/ຬ��U"?��7J�䙾��2��/��j;ª�*QU�R��q� �B�@7 ��dL�C��U� q��w`��l�rέܥB܆��@gN�߰=�.=zI��J��[l>��s.��N��J� RϦ^Gŋk�hy�:��"� 4�:v��Ek)�HA� �0��ة�8�H��}��]o�u��l'��c�&[��+a_�oێ�倗�u��hA�4痱��kE��K��wLA��[�sU�"�y�U1q��ǑD'��`�R1 0�^�K�6��̂i�80i#'�2>gд &�� +��H�c�N@�x�QG�֟8˛r��+��=�nٛ+$}pkݒf�o��@�P&+#JLkbi�cY��^Q�}2n޾�w1�2�t��ZGd�M@�X7�fӾ+Z�Ôht��c4}��=�8�� Ĳ*�}1"�^@"L�3�<��Ӭ�r��R$ G�o/(l{i��5�v�CFc��E<�祉eibJ(^�Z��Ş��Jmԫ"�¦_�jM�#�M��Ea��:�Z�b� ��_՟��~un�U\t�7B']�K^�I�'��r08��Q�HF ��UI-�H��'R�Ã�b�Y��,�F�%/��zF��){��$םގ望X�� sN[�=�+ݩ��g@��N�q�.�ֳ�a�Ԩ�s xtOu��D&��!�\�P�L��Wo�El�Ԡ��0C�j��i�-��z�8P�B�u��@:z��u.��˦�Fg�'ۉ�z�j� 񿆋��GmXGZy�:"��r�.<�7'�/l�F�*[��}�d��UB_��8��0qB�y>G�\��f��v��k�_��mvqD�⮏�I�f��vq��H E�x.��2��K��: <��Sxr�Z�j��v��|�:��|(n�禟\�$�ć��H��ˌ��qfI�5I�`yge��rP�Z%��2�}5 ��b��Y�Kɑ9�{^�'�.A�%M�5�2.Լ8ﺀ�"�9��h��ܺ��lE�|Έ&��I�ܝ�q�93��<�'[\�@��B��T�Z��9 V��dEB�b$�3)Pi��_L�� #��i�HZ}�'O�MN�#=��=[<��!��8��ؑ�@��Ҹв(��C)��z�.Q�r�]��}\�� *A��ŉ�pг]�e<._��g�-�Y�H �s?y'1�-X�:ֺ��J��B�+U䔝r1˚'��G�a�0��E�?��.��Ո(�s�� 0��`(J��>|�ɊT�H��c��Ҝ�Z�r7,-څ��M;�|Ҡ��9�W5��Y>��C��(�0r��iYf�e��Q��7��]}�Y�"U'��Y7�<�w� 5�D��F�`)��70��F�7�M�\��2I��i��~� ��n��z^W֏"��TQV�F�71��%W��7��Om^L �9 ϗf��sr��b�ڌg��l�A��CįAx$�D��!K�S��z�Bh�q��|;>�Vw�A+��7�kRs��"U�Ңg�o!7��ő�'�@�i�[�,�Wi��b�P��;_e�_��=\��2��K/�HMD�;{烒�1�h%5��^[j/�e�b�#"��w��f�(�w�K�С�� m��Ŀ��Y�?��Kn|��^d�\wmW�� ݂g��W]x�׈��]+�|��r�zm@|ZJEd;@oќP��<ӍU 1�K-��*(��<� ��ݤ}�[��!�G%/\��pԨi��%W��53�\Fu��̃�T��N;�u޿��#�%�8��"\�G+"��!�V��Da��~fZ�p��H�f�nvl�D��Z O��fB�wԳ`2ѬQ` 0�j)~��#��&p�d��n|�9]fJ�M3��kL3ʞ��+5^�dmd��D��)&=��[�M��l��W �z�u �� 8 �}*�'��E�)o8��~A��?�y٘�7 �I�u'u�U��T��a�vb��QbhWAq0�[��t�GZ8�Lg�� U8�H�:_Z��{0�� Κf�X��XcD�׼��!U� �0&��Z��/�腭Bwm��Db�s#w&Z�Lo��N/�p��%ŀ�<�"��sm�H��:�S��M�<�ɼ��2b�e��yoK� (�ɩ��0n7J�B�9sl�b�gf��e��1BX�1[�c��4�0Q=`��2hYS��Y�~��P��a(�B��d{%��Z�bF�TW�W]�B(�<!ه��ދ5[�r7�}�&4��@��$*��L��U��N+UK��c�y�p��_$h`~m�vsp��~o�^i��Rv�J,!�0ȟR�c~��T��P�K�g\ reV3�~��h,��Y��vʹSi��4��s�:��o!x��JҶ�J'zeXr��Z��1�s s��֞Ĺ5B��, ��+�lD'�j$Nˠ�g��1`?E�F 8��e3��]�q-�U�o�֕�N��!X��է��tװ��૒��2@�#eҡ��Z�l�<:uc+Z��KQ��3�@�A��c�8I�]��[�9�`��7 �.��E�O�zֲ�Pr?:��B��*�ȝ��N�. g7� N@%y�Z��w�欳\��{V,�b�82�Ͼ��ܭ��{*@��c��rVaz��mq�+.�V�%��P��׻��ѻ[�dW�Ӹ�H�W�f��U�՗�U�Ԏ�Omo�>�t�G;8Ő�p��<-!E�N��?��'�_Z[D1籓��ؕ��9a��[̢�)��s�`��H�W�Q��`�K�FCS��j

Sections

.text
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 13.4MB - Virtual size: 13.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ebcd018a747182c37aabf2ab1139666

Headers

File Characteristics

Imports

msvcrt

kernel32

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 1KB

.rdata Size: - Virtual size: 9.1MB

.bss Size: - Virtual size: 4B

.vmp0 Size: - Virtual size: 2.8MB

.vmp1 Size: 13.4MB - Virtual size: 13.4MB

.rsrc Size: 512B - Virtual size: 496B

.text
Size: - Virtual size: 1KB

.rdata
Size: - Virtual size: 9.1MB

.bss
Size: - Virtual size: 4B

.vmp0
Size: - Virtual size: 2.8MB

.vmp1
Size: 13.4MB - Virtual size: 13.4MB

.rsrc
Size: 512B - Virtual size: 496B