8fcd173adc4f92c68e43c2c33803b9dfcf2da5ed51051e45ff3723ecb316e355

Sharing

Copy URL Twitter E-mail

General

Target

8fcd173adc4f92c68e43c2c33803b9dfcf2da5ed51051e45ff3723ecb316e355
Size

92KB
MD5

0c2f6855e52601b3585d936a932db7e0
SHA1

a990ffc0dfa0996f90040a30c72719ad6a0c922b
SHA256

8fcd173adc4f92c68e43c2c33803b9dfcf2da5ed51051e45ff3723ecb316e355
SHA512

238886523e416d11ffc21f24a1c37d72cd16d2b872a5f219a804d7417ff505f69517ac8ca3fa634dd8c90243533d40305275655d99dfc427c142feae367fddf6
SSDEEP

1536:OdsYfdRc7g7IX8tilUmFQUtUVqqdtnT520I:OLRUYYHdEzDI

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

8fcd173adc4f92c68e43c2c33803b9dfcf2da5ed51051e45ff3723ecb316e355
.dll windows x86

eae006b22a6572eb457c5a726d182fba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_strcmpi
_itoa
_strupr
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
isalpha
isdigit
realloc
sprintf
isalnum
isspace
_vsnprintf
strchr
atoi
_except_handler3
strrchr
strncpy
_stricmp
wcslen
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
malloc
free
_strdup

kernel32

TerminateProcess
GetSystemDirectoryA
GetTickCount
ExpandEnvironmentStringsW
GetProcessHeap
GetLastError
Sleep
lstrcpynA
SetUnhandledExceptionFilter
GetWindowsDirectoryA
WritePrivateProfileStringA
CreateMutexA
FreeLibrary
HeapAlloc
LoadLibraryW
IsBadCodePtr
GetPrivateProfileStringA
CloseHandle
GetProcAddress
LoadLibraryA
IsBadReadPtr
GetCurrentProcessId
GlobalFree
GlobalAlloc
GetFileSize
CreateThread
GetModuleHandleA
AddVectoredExceptionHandler
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
FlushInstructionCache
GetCurrentProcess
Thread32Next
SetThreadContext
GetThreadContext
OpenThread
Thread32First
CreateToolhelp32Snapshot
GetModuleFileNameA

wsock32

socket
recv
send
WSAStartup
WSACleanup
shutdown
closesocket
gethostbyname
connect
htons

user32

wsprintfA

ws2_32

WSCEnumProtocols
WSCGetProviderPath

Exports

Exports

WSPStartup

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eae006b22a6572eb457c5a726d182fba

Headers

File Characteristics

Imports

msvcrt

kernel32

wsock32

user32

ws2_32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 10KB

.vmp0 Size: 4KB - Virtual size: 3KB

.vmp1 Size: 40KB - Virtual size: 37KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 10KB

.vmp0
Size: 4KB - Virtual size: 3KB

.vmp1
Size: 40KB - Virtual size: 37KB

.reloc
Size: 4KB - Virtual size: 1KB