a7c9e2b41f51ca6e2842543199bfcccfdfbb51dbc15c4b7bf6c8a2ad957a5fb4

Sharing

Copy URL Twitter E-mail

General

Target

a7c9e2b41f51ca6e2842543199bfcccfdfbb51dbc15c4b7bf6c8a2ad957a5fb4
Size

72KB
MD5

6a7e247d3680685f6944c5331b7988e2
SHA1

499f06cfc8a8bbbdcce06713d8394372b6d0b0ab
SHA256

a7c9e2b41f51ca6e2842543199bfcccfdfbb51dbc15c4b7bf6c8a2ad957a5fb4
SHA512

1ac838837b98544380c711bd48aa1d4aace3479333403bc23ec44c8b273e3f1ab3341657c241d01f3fb41e15c232d22f2ec9a8356e578e165752c4094f66ed0a
SSDEEP

1536:kmvJXbj0b0QQoxxt09gTTP80gfi86O1YcfD/75D0OzC:kwh0rQmBTTE0g686O9DY

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

a7c9e2b41f51ca6e2842543199bfcccfdfbb51dbc15c4b7bf6c8a2ad957a5fb4
.dll windows x86

3e41be9f2973f16e8eee1dee8cafbef1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
IsBadReadPtr
Sleep
DisableThreadLibraryCalls
GetModuleHandleA
CreateThread
VirtualAlloc
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
QueryPerformanceCounter
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics
SetRect
GetAsyncKeyState

d3dx9_43

D3DXCreateLine
D3DXCreateFontA
D3DXVec3Project

msvcr90

_vsnprintf
_encode_pointer
_malloc_crt
??2@YAPAXI@Z
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
vsprintf_s
sprintf
memset
_CIsqrt
_CIsin
_CIcos
free
_CIatan2

Sections

.text
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e41be9f2973f16e8eee1dee8cafbef1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

d3dx9_43

msvcr90

Sections

.text Size: - Virtual size: 28KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 3KB

.vmp0 Size: - Virtual size: 24KB

.vmp1 Size: 69KB - Virtual size: 69KB

.reloc Size: 512B - Virtual size: 276B

.rsrc Size: 1024B - Virtual size: 686B

.text
Size: - Virtual size: 28KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 24KB

.vmp1
Size: 69KB - Virtual size: 69KB

.reloc
Size: 512B - Virtual size: 276B

.rsrc
Size: 1024B - Virtual size: 686B