8d1480e56e9bb9deba031eb7111c6743ca7d3304ad4f3bf67581b246129e0ed4

Sharing

Copy URL Twitter E-mail

General

Target

8d1480e56e9bb9deba031eb7111c6743ca7d3304ad4f3bf67581b246129e0ed4
Size

1.1MB
MD5

905f9ea39dee7db8cd43a27b05010cef
SHA1

772af5f574614eeea1e8c48a4805c11039e93490
SHA256

8d1480e56e9bb9deba031eb7111c6743ca7d3304ad4f3bf67581b246129e0ed4
SHA512

3c1339fbecd5a93aecfac80a8512f1e9cb940c6cd453240684b3bf067230fe82d964911fab0d9f6928bc64f5647de8cad60ba3e3d87cd40513d6050b0b48819f
SSDEEP

24576:OI47nref4bbJ6kFHgeRPIflKzq4ptWlw6Jr9CkrN6Ia1GL2FgyrxI2n:Ye60sPIfszq4pt+w6XC8N6XUogyrx5

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

8d1480e56e9bb9deba031eb7111c6743ca7d3304ad4f3bf67581b246129e0ed4
.exe windows x86

0486654338c0b7b28241f4206850a02c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

RegisterClipboardFormatA

gdi32

CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA

oledlg

ord8

ole32

CoRevokeClassObject

oleaut32

SysFreeString

Sections

phone
Size: - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 71KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 1018KB - Virtual size: 1018KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0486654338c0b7b28241f4206850a02c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

phone Size: - Virtual size: 755KB

Size: - Virtual size: 8KB

Size: - Virtual size: 628KB

Size: - Virtual size: 4KB

Size: 71KB - Virtual size: 400KB

.vmp0 Size: - Virtual size: 4KB

.vmp1 Size: - Virtual size: 20KB

.vmp2 Size: 1018KB - Virtual size: 1018KB

.reloc Size: 512B - Virtual size: 164B

phone
Size: - Virtual size: 755KB

.vmp0
Size: - Virtual size: 4KB

.vmp1
Size: - Virtual size: 20KB

.vmp2
Size: 1018KB - Virtual size: 1018KB

.reloc
Size: 512B - Virtual size: 164B