22221d5e43e091a1c03113d1bb37d8dd95dcf07d8756c87d2df6c0d1ab944845

Sharing

Copy URL

Twitter E-mail

General

Target

22221d5e43e091a1c03113d1bb37d8dd95dcf07d8756c87d2df6c0d1ab944845
Size

804KB
MD5

afd33b39cc87ff4d2e7047e199b911f0
SHA1

71adba01096df16f501b202b07d24d5c3fee37df
SHA256

22221d5e43e091a1c03113d1bb37d8dd95dcf07d8756c87d2df6c0d1ab944845
SHA512

9802fdf92b9735740bf23b943fd9fa15c374d09a2a13c90823a96654cc0a3fd157148b9600153d66721ee57023227339c30bab4cc7780737cd8a0a9844be3671
SSDEEP

24576:da3u7VkAiWmbJaXlRcJCzuI82qH+Ad2e:4u7ViWWMcwzBtQ

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

22221d5e43e091a1c03113d1bb37d8dd95dcf07d8756c87d2df6c0d1ab944845
.exe windows x86

cb1e3d91b9c7bae945b29f39b276e427

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxW
MessageBoxA

advapi32

RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeEx

ws2_32

WSAStartup

shlwapi

PathFileExistsW

winhttp

WinHttpQueryAuthSchemes

wininet

InternetQueryOptionW

quartz

AMGetErrorTextW

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 773KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb1e3d91b9c7bae945b29f39b276e427

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

shlwapi

winhttp

wininet

quartz

Sections

.text Size: - Virtual size: 1.2MB

.rdata Size: - Virtual size: 202KB

.data Size: - Virtual size: 57KB

.rsrc Size: 29KB - Virtual size: 32KB

.vmp0 Size: - Virtual size: 97KB

.vmp1 Size: 773KB - Virtual size: 773KB

.reloc Size: 512B - Virtual size: 156B

.text
Size: - Virtual size: 1.2MB

.rdata
Size: - Virtual size: 202KB

.data
Size: - Virtual size: 57KB

.rsrc
Size: 29KB - Virtual size: 32KB

.vmp0
Size: - Virtual size: 97KB

.vmp1
Size: 773KB - Virtual size: 773KB

.reloc
Size: 512B - Virtual size: 156B