1accef878d5fd0ef70de2a68d9afb548bb41039bd869210217aafa94b48efbb5

Sharing

Copy URL

Twitter E-mail

General

Target

1accef878d5fd0ef70de2a68d9afb548bb41039bd869210217aafa94b48efbb5
Size

468KB
MD5

041827ab68cab537676f44cc1f0200ac
SHA1

04e931b145ec60587e0631be6ff191c4aa98936f
SHA256

1accef878d5fd0ef70de2a68d9afb548bb41039bd869210217aafa94b48efbb5
SHA512

d6c71b9124b9cd35cc07ab3a82ec636a63eae7831a0f87ca418208d41a596d880bef09abccd5232181590fa9e7ed985254c0354fb38a05e5e42dc2c0db51fbcc
SSDEEP

6144:20SNsQRAZu5rHQ+jE0r/ah6IPdJwBfRM0c+IIH5lDcinE7VoqGe6qnMemoLwplYN:ySQeZYQKEeSfGA+5oCGVoqMemzlYN

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

1accef878d5fd0ef70de2a68d9afb548bb41039bd869210217aafa94b48efbb5
.dll windows x86

1c640446172d3c0281ed4c63f5a1c25d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
GetModuleHandleA
GetProcAddress
VirtualProtect

msvcp80

?uncaught_exception@std@@YA_NXZ

msvcr80

?what@exception@std@@UBEPBDXZ

ws2_32

WSAAsyncSelect

ole32

CoCreateInstance

user32

SetTimer

advapi32

OpenProcessToken

psapi

GetModuleFileNameExA

Exports

Exports

scanCook
scanbegin

Sections

.text
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c640446172d3c0281ed4c63f5a1c25d

Headers

File Characteristics

Imports

kernel32

msvcp80

msvcr80

ws2_32

ole32

user32

advapi32

psapi

Exports

Exports

Sections

.text Size: - Virtual size: 540KB

.rdata Size: - Virtual size: 374KB

.data Size: - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 428B

.vmp0 Size: - Virtual size: 40KB

.vmp1 Size: - Virtual size: 37KB

.vmp2 Size: 456KB - Virtual size: 455KB

.reloc Size: 4KB - Virtual size: 160B

.text
Size: - Virtual size: 540KB

.rdata
Size: - Virtual size: 374KB

.data
Size: - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 428B

.vmp0
Size: - Virtual size: 40KB

.vmp1
Size: - Virtual size: 37KB

.vmp2
Size: 456KB - Virtual size: 455KB

.reloc
Size: 4KB - Virtual size: 160B