aab2eef1a2011c9826ed47232c5bb400997b35a39282658332e8278f530238ef

Sharing

Copy URL Twitter E-mail

General

Target

aab2eef1a2011c9826ed47232c5bb400997b35a39282658332e8278f530238ef
Size

595KB
MD5

6477d14a6d848559ed0f1d9acddc7dd0
SHA1

7c2f7c6a70ee9aa5626c16d7fa6a39ec7e8729c0
SHA256

aab2eef1a2011c9826ed47232c5bb400997b35a39282658332e8278f530238ef
SHA512

61cf240aef0376bbeac7ddefbbee9a697055e137718f98cb7e4571dffa25562aef7e27c7c8257ed2335ab0427415d26305342a5102236ff65934bdd276a5a59c
SSDEEP

12288:kG44LcICzUa2HShWMiFZd93EOYmNemMjSiPJ1G8yJbp+n0lLXZY:pcW5ShIVUO1NeCiLFyj+IK

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

aab2eef1a2011c9826ed47232c5bb400997b35a39282658332e8278f530238ef
.exe windows x86

cfd2adff89a305a0b743e330fc80adb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

msvcp100

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

msvcr100

__setusermatherr

Sections

.text
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp3
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfd2adff89a305a0b743e330fc80adb8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp100

msvcr100

Sections

.text Size: - Virtual size: 10KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 1KB

.vmp1 Size: 512B - Virtual size: 436B

.vmp0 Size: - Virtual size: 1KB

.vmp2 Size: - Virtual size: 581KB

.vmp3 Size: 592KB - Virtual size: 592KB

.reloc Size: 512B - Virtual size: 236B

.rsrc Size: 512B - Virtual size: 434B

.text
Size: - Virtual size: 10KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 1KB

.vmp1
Size: 512B - Virtual size: 436B

.vmp0
Size: - Virtual size: 1KB

.vmp2
Size: - Virtual size: 581KB

.vmp3
Size: 592KB - Virtual size: 592KB

.reloc
Size: 512B - Virtual size: 236B

.rsrc
Size: 512B - Virtual size: 434B