90dba1911b7114a7fe6724691279f4a5141c0395eb5881a4354ae82bac2de1d8

Sharing

Copy URL Twitter E-mail

General

Target

90dba1911b7114a7fe6724691279f4a5141c0395eb5881a4354ae82bac2de1d8
Size

1.1MB
MD5

a194a41e491d23d0d936a504546dca60
SHA1

1a2a6465d97d9476d6cdde10047bd3cdd6e8b6b6
SHA256

90dba1911b7114a7fe6724691279f4a5141c0395eb5881a4354ae82bac2de1d8
SHA512

e00384a05d44d67900b45d4f5044d3564a3b50d618d0d889b80b1cadb22805ec242af8eebfcd4e968346e194967f9d45f081c041a43ee962a1d5f514d1743a4c
SSDEEP

24576:5hcq81VzBux3NT/kXu3t2oS1WspwQY2smuo08HoJC6/i1j:J2z0d/kXu9HSHpiW08HOq1j

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

90dba1911b7114a7fe6724691279f4a5141c0395eb5881a4354ae82bac2de1d8
.exe windows x86

dc7bd511f6b2f0d29c011e8356f35270

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessVersion
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadImageA

gdi32

Escape

winmm

waveOutPrepareHeader

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

SHGetPathFromIDListA

ole32

OleUninitialize

oleaut32

UnRegisterTypeLi

comctl32

ord17

ws2_32

inet_ntoa

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 861KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc7bd511f6b2f0d29c011e8356f35270

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 430KB

.rdata Size: - Virtual size: 73KB

.data Size: - Virtual size: 157KB

.vmp0 Size: - Virtual size: 861KB

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: - Virtual size: 430KB

.rdata
Size: - Virtual size: 73KB

.data
Size: - Virtual size: 157KB

.vmp0
Size: - Virtual size: 861KB

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 8KB - Virtual size: 4KB