03a8531989aeeec1befecbba4f3ee218309306224bd22b7e52104537e32bacd6

Sharing

Copy URL

Twitter E-mail

General

Target

03a8531989aeeec1befecbba4f3ee218309306224bd22b7e52104537e32bacd6
Size

5.2MB
MD5

b1057feaae568f50eb9ff99a0fd2e545
SHA1

b6e1d147b2f1564224a530b07af1681fa7a991e3
SHA256

03a8531989aeeec1befecbba4f3ee218309306224bd22b7e52104537e32bacd6
SHA512

c69024ff4629f752af10f2a628580d616ec6e4db1986e95a45b523c1f30b72c361ee12744a152c01e7ad8fadf68146d1ef42300b4f3556efa6eefa0e6259c482
SSDEEP

98304:91KAFbwaa/ttzTXTZDMY8j0w3ZrYqDXd18OkBfvk9BIn8gacBoH:rKCK/Tzz1r84w35rdjMUAn8fcBoH

Score

8^/10

vmprotect themida

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
sample	vmprotect

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
sample	themida

Files

03a8531989aeeec1befecbba4f3ee218309306224bd22b7e52104537e32bacd6
.exe windows x86

389f0462c1e85b652078236809a76242

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

GetUserNameW

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 896KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

389f0462c1e85b652078236809a76242

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

wtsapi32

user32

Sections

Size: - Virtual size: 41KB

Size: - Virtual size: 6KB

Size: - Virtual size: 5KB

Size: - Virtual size: 5KB

Size: - Virtual size: 1.1MB

.idata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 28KB

.themida Size: - Virtual size: 2.1MB

.boot Size: - Virtual size: 896KB

.vmp1 Size: - Virtual size: 2.3MB

.vmp2 Size: 5.2MB - Virtual size: 5.2MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 27KB - Virtual size: 27KB

.idata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 28KB

.themida
Size: - Virtual size: 2.1MB

.boot
Size: - Virtual size: 896KB

.vmp1
Size: - Virtual size: 2.3MB

.vmp2
Size: 5.2MB - Virtual size: 5.2MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 27KB - Virtual size: 27KB