6eacba67dca47203773397685d8c6a0cbe880cdf06b5054c7c4c702d0d405844

Sharing

Copy URL

Twitter E-mail

General

Target

6eacba67dca47203773397685d8c6a0cbe880cdf06b5054c7c4c702d0d405844
Size

274KB
MD5

071bcf36fabd1394869a1817937c0772
SHA1

1c346f79c72df00f3e7d2f009d0087078977fef6
SHA256

6eacba67dca47203773397685d8c6a0cbe880cdf06b5054c7c4c702d0d405844
SHA512

4c14db33264999287e2a729088292514eb84e3edb6958008bd26fc352f160641967b8140db4a0537b2ba0d05db8a93afaddcdc7c376bd49ddac2c82c380c3a23
SSDEEP

6144:GpOHSsUUW1o8vxnM4+bPNxycSyL6WsW6h3YgJaWLZcFz:G2UUWvv+x1Sy+rhogYWlQz

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

6eacba67dca47203773397685d8c6a0cbe880cdf06b5054c7c4c702d0d405844
.exe windows x86

36e69f8cb227474af829db21b0339337

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

ReadFile
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

EnableWindow
MessageBoxA

gdi32

GetDeviceCaps

comdlg32

GetSaveFileNameW

advapi32

RegOpenKeyExW

shell32

SHChangeNotify

ole32

CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36e69f8cb227474af829db21b0339337

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: - Virtual size: 149KB

.rdata Size: - Virtual size: 19KB

.data Size: - Virtual size: 133KB

.rsrc Size: 69KB - Virtual size: 75KB

.vmp0 Size: - Virtual size: 60KB

.vmp1 Size: 204KB - Virtual size: 203KB

.reloc Size: 512B - Virtual size: 224B

.text
Size: - Virtual size: 149KB

.rdata
Size: - Virtual size: 19KB

.data
Size: - Virtual size: 133KB

.rsrc
Size: 69KB - Virtual size: 75KB

.vmp0
Size: - Virtual size: 60KB

.vmp1
Size: 204KB - Virtual size: 203KB

.reloc
Size: 512B - Virtual size: 224B