1a75593b664629a9062670a42c743984e362e16cf3c4a262542602e8856b2c26

Sharing

Copy URL Twitter E-mail

General

Target

1a75593b664629a9062670a42c743984e362e16cf3c4a262542602e8856b2c26
Size

52KB
MD5

651ebee34bb81da45ff27812f2714849
SHA1

459ad1d1a63ee48f563f04bb190aa1f1aa95ff17
SHA256

1a75593b664629a9062670a42c743984e362e16cf3c4a262542602e8856b2c26
SHA512

db458a548f5ca08803fc94866d78dc2bc962904d02ce5f00c7d9d4000d88ee4641a8e16584c2c6bd993ff950a6cca96e0e1a01ede682d5c94bf7eb7e6ef298e4
SSDEEP

768:dBzZfche0+azRH2z5ch+dN/QAtnI5m7OONWwnIYEXlIrahNZChQ+Ns21LLm7V2:3zuz++RH2z7dNYuI5Wa4tESGpTyPmx

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

1a75593b664629a9062670a42c743984e362e16cf3c4a262542602e8856b2c26
.dll windows x86

115fdb082bfe77dcc0530b80e302be75

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
Sleep
CreateThread
GlobalFree
WritePrivateProfileStringA
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
GlobalAlloc
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
Process32First
OpenProcess
GetCommandLineA
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcatW
GetSystemDirectoryW
lstrcpyW
LoadLibraryA
GetTickCount
ExitProcess
WinExec
Process32Next
MultiByteToWideChar
lstrcpyA
lstrlenA
CloseHandle

user32

wsprintfA
ClientToScreen
SendMessageCallbackA
MessageBoxA
FindWindowA
SendMessageA
ReleaseDC
GetDC
GetClassNameA
GetWindowTextA

gdi32

GetPixel

msvcrt

??1type_info@@UAE@XZ
??3@YAXPAX@Z
_except_handler3
malloc
free
__dllonexit
strtol
strncpy
strstr
__CxxFrameHandler
isspace
_onexit
_initterm
_adjust_fdiv
atoi
printf
_itoa
isalnum
_stricmp

mfc42

ord665
ord690
ord3229
ord5204
ord5683
ord5186
ord354
ord3318
ord1074
ord389
ord6881
ord3507
ord5442
ord6657
ord2393
ord1979
ord860
ord941
ord2818
ord4277
ord6663
ord4278
ord858
ord6877
ord537
ord800
ord535
ord5572
ord2915
ord540

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

ws2_32

WSCEnumProtocols
WSCGetProviderPath
WSCInstallProvider

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

Exports

Exports

WSPStartup

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

115fdb082bfe77dcc0530b80e302be75

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

mfc42

msvcp60

ws2_32

wininet

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 8KB

.vmp0 Size: 4KB - Virtual size: 1KB

.vmp1 Size: 12KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 8KB

.vmp0
Size: 4KB - Virtual size: 1KB

.vmp1
Size: 12KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 1KB