115a2b0d370b237f8c159f0426c3d5a8724185bb613d02cddf68d4850c7e0165

General

Target

115a2b0d370b237f8c159f0426c3d5a8724185bb613d02cddf68d4850c7e0165
Size

3.5MB
MD5

83de3fe759c296aefa69003ff6224f0d
SHA1

535020e5555ce808fbeebd444adf39e127e9b5be
SHA256

115a2b0d370b237f8c159f0426c3d5a8724185bb613d02cddf68d4850c7e0165
SHA512

a97df492237d7f00401b68b210e1537bde1a53768fb9f3f7a7257d3b1c18708ab244ae2e6c32f494ec3f9af4d4c30e420aec9e6a7d0e61a00a513c25eeb7656d
SSDEEP

98304:ygYE3FmA3feDslYOe1zg+A1+7xPdkVgqqi:c0gAPek9eG1Ix1EgqJ

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

115a2b0d370b237f8c159f0426c3d5a8724185bb613d02cddf68d4850c7e0165
.dll windows x86

1f5c064c5e1e1316088b1b7829818c9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyA

kernel32

GetModuleFileNameA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

AddCopTxData
CancelCopTxData
Connect
Construct
Destruct
Disconnect
GetDevice
GetJ2534ReqTime
OffReadMsgFilter
OffTesterPresent
ReadMsg
SetConfig
SetIOCTL
SetReadMsgFilter
SetTesterPresent
SetVoltage

Sections

.text
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f5c064c5e1e1316088b1b7829818c9a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 364KB

.rdata Size: - Virtual size: 76KB

.data Size: - Virtual size: 12KB

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 364KB

.rdata
Size: - Virtual size: 76KB

.data
Size: - Virtual size: 12KB

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB