827f3b41a2abaf2def681349daabe102563a3687890ba6822ee3274372eb8390

Sharing

Copy URL Twitter E-mail

General

Target

827f3b41a2abaf2def681349daabe102563a3687890ba6822ee3274372eb8390
Size

620KB
MD5

7087bf148d1752cde9b4883dc97d4770
SHA1

e3914211efcb668b963765de85f7d96caf4eb4bf
SHA256

827f3b41a2abaf2def681349daabe102563a3687890ba6822ee3274372eb8390
SHA512

8a781ac602d869e7818a81a445df2c4309f949e5f2f5f9c8da1385a688622f25651f6fc03b1f5b9d52c511ff4a31cb2ef0515ba7708b4ecca501260c88d93323
SSDEEP

12288:L0USzeDZQzkK4qCDylUxHLq60yRH0sduXLdhCtkngGGS3rY1j0:L0nAZQYKz+ysduXLdhCtwtGA+

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

827f3b41a2abaf2def681349daabe102563a3687890ba6822ee3274372eb8390
.exe windows x86

b54069d1b7f70ed3e080c83890499937

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord547

user32

MessageBoxA

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

>��PT�m�c\V^GZY*덠 �5�W��\��xĪ7e��o(��}앾D��/�9�ZKF��`��v��b��/�Ӂ�KX�/��=��^o /�߬0|5S�9N�/l�5[z9��a�`榦D:�d�BG>[�7��a�y+� ,x��[f�vV��BZ��{N[��>�x&n{� t.�<�t�e!r˂u��+�=�]}%�&�K��6��-H��&H��k�=i�dP��ʬ��I��J��~�� >��3*�s��<�VΎg�-W�F��Rb�͈�+Sb+�c�P��@u��m��,r��HԈM�q�G��1W�j~��vЍE��,tT�Hv��@4��α��5��>=��)��j`�-��ɎI��[�Qi��5��jW�L�+{=o��싑�n��(t,�b�3�M)jU�9��h�q%��\M/|;�%D`4��e�-��M܋�d��;�eH�,~�$�ϓ�O��1��h��H�kb�؍�ٹT߶A�H��&��M�Q�;뱱�֎\��%��:�04H?M@��:�]��Υ��@�ǖ�#� uU�-��/��iT�!�h˺�� m��D��Gv\�jO$9�9�[^��U�t�R��N�E��^֢��q{�1��j��ER�֞e��8�D΃��B]��;!�H��O/k�4� ��b��R�@ŧf�Ӫ�"�ʲ��S��=l��<��y U��:WP��=d� _&�YO �u��Q`5��S&�h�m��mB˒6��V�9��X�LQ�䡹��m�d_U��N��{B��cNB�.�ߔ�کA�y�� Ƀ��g��Kp�֗�?��QS�E�Y�B�+)t2��<�d��M�� i�Z��Pov��A��qE�I�\��'��{mvDMV��;AI�,� �J��t�p�8�}�v��3��xT8��QF�ְ�i�21d˻��c�cne �m��^�U�#)C��͖4@ALN��;��S�f��.P��Ưm0�r*&�B��+h��e� P�zm��O��rH��9�C��W��ٖ�ȳ�Y-ޝW%P_��-�q�7`m|.�02��q_��)�g{��yu�܉�|�B�2`'�El"��ZI�c6�&�X��,9^i��w��&v��6Ow=��[��o�K�[A�h�`��^5`�C�C�X�"�J.I9��`��J�;�=l7?��=��-*��<�D��jx�0� ��[�[h�Ӽp�ʥ�2�]i�5`r`D��H\�p/% ��h8xƻ��J0��4��oK0B�y /φ3|`3fi��!�`��)_��s��x��<�1��E �F#��<X��q�G~L��A�P?��F��\_�u�L�p�o=L��/MQ�t�AϖaM�ѫfjg��_y�ƶa�2*�)>t��8T�1�H�j�U�ݜ��w�C��#��p"ҧ�cq�#+BƻEwA�@��'9�3�.��5��(vd\��w ��?! x �V�0nE��*��߲��*�$Q'��'��Y��ˣQ*��м ��D��Us�A�ϡ��㺽J*\1ܼ�aLދ�w;I��g��# ��@��[�3�TR�5c>ø�bH ��|)�jj�Pmg��G��-U'��0��2��9I��ĵ�V��̀��P�io��-��{�亳�tEˊ�G�2|Q��Z=N>D��s@�MYcu�K�>9<S<d��n[t��2"�l��Z�pR�w�[.�Ǫ�Հ Pd2�m�V�e2GI��IB��s�q��8�۞f�'��`�@��2jR;�N�?��׫n�T��yxi��C~��=z�� &%c&��v�)总��ur�&�s9]��d��>cwY��#y�ͨ>&�Y�S�Llf*�g�a��h��e�o��]�[�;o*�R2-V� Lt��i�p]��l��9��#��H��Η� ��L��Q��n�p��j�sO��p.�_�=��Eޱ�Z�x�^&v�VE#�[��?��xp"�o��N��RBz��S�m��1YG��Q Е%��SΏ]��3�4�v�g�Ja�?4��2ݻ"z`A��lUm��,�7Z��Q��Ӓ��f�bf��G�C��8��E\��*K#��ѝ��y��=��Rj:�}�q�X�bTO�l��x� ��p(s��8}}��̴츂�8|�]�5��tR<O��-P�P��i,��Z��)��g��t�v(��Y-*_0|��HXw 9��st�9��ՄF��o��Ps3�F|��Ӷ��?o��y�{��E+w'^a��A�dH*{�j�sRvQ0��V]�Z��S��Ԣ��N��Ҍ �mtWvh�3]�m ��J^�S2��e�mz|��F˅�ӷ�c�P�t͒�� h��4&u?x΃� X�� &��5T0Q�_��wj��iamk��&��]��B9z��\'b��4O^ fqx��g�4�EC�T�5f6ȗ�㻻�^�p9H�6`�e��" �e�&�~��%u�&�m��5�B�q �a$��%�-=e� ʜ�ߖ��P��Y��PYW��*":�/}�j��ƶxS-��"�0��<�lk�;Őh�l��=�FAnC(��~G��q�us��Z��j�Ό�G��N��e�Tg��td<(��b��A�uɼ�B�/�N܏#I (^ꚗG�&nb�#2��.�`��q��(�L�h��bk̖��ZI+��[]ף�h��L}��{S�)��w%��qqJ�Uj�v#+� ��Kn.�r�i�&��}F�G�.��6��

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 604KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b54069d1b7f70ed3e080c83890499937

Headers

File Characteristics

Imports

msvbvm60

user32

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 1.3MB

.data Size: - Virtual size: 30KB

.rsrc Size: 8KB - Virtual size: 361KB

.vmp0 Size: - Virtual size: 24KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 604KB - Virtual size: 600KB

.text
Size: - Virtual size: 1.3MB

.data
Size: - Virtual size: 30KB

.rsrc
Size: 8KB - Virtual size: 361KB

.vmp0
Size: - Virtual size: 24KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 604KB - Virtual size: 600KB