6c1f750d130b1d1a7712b3b7f3611e93d4aacf9eba11040193d2510ffcdfae81

Sharing

Copy URL

Twitter E-mail

General

Target

6c1f750d130b1d1a7712b3b7f3611e93d4aacf9eba11040193d2510ffcdfae81
Size

5.4MB
MD5

1d68e030480a91f06de241d9118741e9
SHA1

d129d9a59b9adad44e18fcd1d42348de85c6153f
SHA256

6c1f750d130b1d1a7712b3b7f3611e93d4aacf9eba11040193d2510ffcdfae81
SHA512

1d59b70b905b1f8a2b05e687afa980e84d485ac414e7932d80cbedc49b8c727cf2c3b21562e3feae94b5f0fbabf8bc5581e4592fcf5f4432b1217051d072303b
SSDEEP

98304:QudZknUE0Xc6TRxOytEQAZMZCbDkoILxIwWuQpaHz7bVc1fUGxunB:Qckn8Xc6NxOytENZLbS+wiaHbVp

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

6c1f750d130b1d1a7712b3b7f3611e93d4aacf9eba11040193d2510ffcdfae81
.exe windows x86

172750858dcc0719eed08c952858023c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

OleInitialize

oleaut32

SafeArrayCreate

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

߯��*�7$%��s��4N�ٺ��S(�j��h{O��1��#��Hf�ܭ2��S�r��!��.P��y��!��}�mE/�j��˦�ͣ��(�lѺ|@&nK��z]��v�x)u��x��=��t?a ��c�Q��.��u��&��~�"�ڲ��j�uB�[��=��|y��?љ�tfh��3l�؏��Ā[xW-S&`�9�{l��"��4��-a��*�џۏ��V>R��`��\�)1^~�SS�;9�>뼾2��+Z�z3쪩D/y��{��C�W��Q4��J�/��14��P��L�m�� 欄̅Z��1��1`^D3�$Z�P��JC[Z_xp[��(s�T�FlUQ$��*�+�Ei�a0�o�n=LudP�O�#B�VE��y��U��B2�T��<XƪJ<��wK`��+��vP&��ULgT7��)��7��x�߈i�� "�wO��X>� ��yq�{��k�e��8;�ۓB��z?h`d�3Z�򗒲 �}��W��c�G`�P�%츇zdy��J�2˧�=^Ң�V�Y��1�}�H��f;��X�?&pfB��)��IT��#��k��A2�uJ��n��B��c<q��dk`m��Y<��b�y*��4�rj�V�»� ��(ғ��Rsn�A�uX��rF$�}u3��q��e��|��1��5c��K�{pK[~�� ˆ�=.k:?��ΜÒN�TR��u��/�g�J��1�)^��PU�C��%��+��3��S�Rr�+Ɓ㣑�a�ͻ|�Oe�Q�*��q�ޖDO��L�ID dK�<�}fZ�NF� W��k��B�,W�V<<: ��5B��i�OnU��(��z(׼��b�7c2�r�dr��OR��K��N^\UT�p<v�J��W�=�p� ��1�t��8ȶ'��_�/s�4��@��n�)X�:�T&4wǖr:��|ЂC��R�i�4u �_(��f��O�(L>M�}XIձ��.@j�A��$�q�t��X>%��D��sԕ��d4��HvV�]Y�pa?�樖XC��E��9��W��u�C50�\䪈��5�+��Sc1� Xjb5zo$�R�RQ�U�j=Ke�Y&�ϰ�g��ᨱ'��p� rxP��L��xl�==z�4��|ɫRHv��F��-gHV�+I��/��/�8� T�qm��`��Zu��O�o��۲sh�x��1$ȭ��*�#�@��Dk�m ��#�]L�G}�&5��W��4l��9��.��3�+>-�uS"�"@x�Б��o��C�;��+!��3Dtڽ�R5} 5�x�u��#^��Πk�T�� ܕ��:5�Z0��O ��z��,�R�t�m�D�R��{-��I �^��K0�~�?��^&�r �.��"i��R��l��,氜.�8�,��<C8#��j��u.F7��KX;��#X��)x@wh̺��]*��@*(��&;)C��w7�)�j<��r��bt��i#��r�b7$}��D߅R�|�³��s��1�0\�o��XW�Ȋ}�<��2у��V7��W\~�ih��:@6��\��Q��g��Y��|�u��bc��I��F��E�=�0 <z��7�^�=fi�lK�c|x��)�х��s��i�0��*�9�h��$IIo�2>��OϼE2�a�_��+��u�]�{{��(:�#0<�e\!m3��`��,_�+�� W�ƴ��W� ��jTF1�+��W]�� j#ǉ�K&�_�Uf�� F��AKpp�tZ" �3mN��Xa{�]B��&6s`'~Cݨ��T��1�aT��0�Zr�d�Bt "�$B��~��<9z�j�#�+�� {�� b8*{�Z�NK�MA8�y�JWع�~��9QF��*)�'RA��q�9��N�H}w~��߇{��J%qEk�1�t��P�� c��:|� �>�|��O0�.?g��w��7�?PB��5�w��ߟHG��΄��0��9�ط˗P�� !�(6��|��~��?�=�u] �|�a.-�7"ϩ�D��}�%P6�4��ޟ�~ �H��&��q��Y�#�U�Y��jO�@�c~֞��| �R_]�\�Z��!�UUP�2'<Ͳj<��2�-�� E[��![ʃ䀆ny�y�l�k��W��;��[�g�XS�cq:��=�]M��%ZJ+ �<O�|��a��T'xIZo4~N�Z6rt�J`K�n+��{�� Is��8Vr-��Ptڃ7�ч��l��(%�Q��X-�z|�}P}��Lp/.��H��SCڞ��m��ܙ�2șY��{�gl}�$c�Ο�Dv��f�V�>��*��$M 5�+�k?s��6��[��ۄ��!��w�nS�0>=slYH�k��4�w�?̫�i��P��͌0F󀜬��P�^-)0�閴�?��f��r�<��,�՝Y��J��.T�` n>&��t*��_�� a��/EҲ5�d(��]�(Z��K�e�(�cj��Y�;BZ�]T�W�OL�6��>�X�Xv1`�q��~�>+Pͱ�P�}�_zqI ��ɓ�Lc�4��ǻ��|�ׂ�|��Q0�Ȯ��S}?W֔��P��a��V��5gW�C}��2-^�i؍�6>f�V�ِA��Ψzh�f'`�� Kn��ų֪�@��p��j��4^�}�l�D?��_�� ^y_�(Y��``��:0��*d��pl ��

Sections

.text
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

172750858dcc0719eed08c952858023c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 101KB

.rdata Size: - Virtual size: 27KB

.data Size: - Virtual size: 12KB

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 5.4MB - Virtual size: 5.4MB

.rsrc Size: 1024B - Virtual size: 928B

.text
Size: - Virtual size: 101KB

.rdata
Size: - Virtual size: 27KB

.data
Size: - Virtual size: 12KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

.rsrc
Size: 1024B - Virtual size: 928B