5efab328135e92825552dbdd28e63d93e2538075edcdc13152ad9ca57ab3d73e

Sharing

Copy URL

Twitter E-mail

General

Target

5efab328135e92825552dbdd28e63d93e2538075edcdc13152ad9ca57ab3d73e
Size

1.5MB
MD5

3ac7778874aad335ff9fbf7f8742e37b
SHA1

9cc65285945579e1f62c6c1e10d13f4e7d8aa404
SHA256

5efab328135e92825552dbdd28e63d93e2538075edcdc13152ad9ca57ab3d73e
SHA512

1810a3948e954881ac32a4cf888a0c0d72a908c4a451375f2e6381187827c50694fbc0bd785376f45554b52f1b9fb69d907511934d580eecf4d42bb4e4e03f47
SSDEEP

24576:AcOJuEozSAtY6t6Gz/s3a4gXSPIi6m1KMqabhwj4/f7Nkv4:AbuE8SMlTs3aBYKyb6j4XCv

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

5efab328135e92825552dbdd28e63d93e2538075edcdc13152ad9ca57ab3d73e
.exe windows x86

268293432f5f5be5645403057f0a3c35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetMessageA

gdi32

ScaleWindowExtEx

winmm

waveOutPause

winspool.drv

ClosePrinter

advapi32

RegCreateKeyA

shell32

ShellExecuteA

ole32

OleUninitialize

oleaut32

UnRegisterTypeLi

comctl32

ord17

ws2_32

inet_ntoa

comdlg32

ChooseColorA

Exports

Exports

ٖvG��2�d��ʎ1�'!��%v��9��_4b��>�)iA��j�;�P穫��3�h��y��{&%�<ئ �V�2��l��T�m�o�B��!򻀧k��=�"��lQH�;A[��y�[��QA��#~��J�J��4��F��r%�eQ� �{L>�UT< �pOF��D"�<�(��Z��Q��~�0� Qm鴾I�bS��{fxU�ֽ�6y��lf"q �E��X�{b�\M��k�T�-R_�$��:;07��v��Rf!��_O�e;K��XKf͖��N�ն��Z��%�+�E��_G��^Jb��)˴�a��ҦntY+��'�uƎ��GR��_�7��1 �Pʽe�ճ��B��hǂb��}��Sͯe�H��O��g��mSF��iҍ4�7:�@<:}%�� s�,;�,��E��hAȐ|!�a�%��`�e%��ƀon"�� ɦ<�$�}<B��Oy�f\r0�� c_D!�W�� r�:��}�1��7}/bq��[��E�1��0�q�/Px��2� #��u�W��F�`-rBĲ��n�g�G�))�T\C��m9�h�8ﾎ+�,kZ<��zj��3e��`V?� ��8I��o��r�'/2 � �J��QǛ��r��@)侐ڪkM��+D��5��G��5��)C��ѓ6��\�|x�� x��Q��y��7�N%��P#� ��ɛ�v�t3\)p�fc>��l�fRȊ�g>\��Q<��>DL�|ıy��pK?��?�|`*-k�Ǉ,k"�{B��[�D�O��h΢[�L�Ӳ#}r�唤4�o�(��F]��q�fؑu��h'Q��;��bɮw��Za+�V(��C8��Gd�� ,Y-yŃ�{w�TrY��"��ϴ��,�g(( ��睺��h?k��6�Zf�YxBt�W+��!��⊂L��F�;��)w.�avj��9�ڱiR��k��>�L��a�#)<H��l珨O��q>K��7�8�T'��GtWag�e��̹/pP��x��xH�^=�V::��ěA��[��N30эե P��P��J��Ht�,d�N>��I�&�Xx��p7V' �Cg�a]_ި��:��0�DL��F�Z��7q�j��!��]t��5�t!Po<�}��"��.�u0А��{��'�}��;��ؼGb\l8`g�� ϸ��Υ_TC:<�Lf��+A1��<�SUŶKF�}~�L�9��'$u}��ѤE��J�Z��v� �Ԟ��tJ��e��Q!��s�kC�Dr�_-xL�`�<F��o�Lh�&LX�"+℣X��z ��Y��e��T��-�gI=,ǁ��jW��~�)O�|��\�'��z<O��0\�9P�*�qv$Uˡ�]��b�ˈ~�t��?@sga�c��y ��q��Q-'U�) ��#cLAb��9�F=��8),@��q-�kE.w3�b C��2��%g��<ג�_�Adv��փnD��S�ɮ�=c�[J��V��.N$4�ߓȳ�.MBp�j�!5�Hu٨��v7�� d�$ o�K9�O�s��N Քg%�A�b��$3�6�b�i�n��=��d��)s��r%-�-� �w��Λ%��5��3��j��Hk�׿7q��Ew�k&��{�C�B�v�xy�o��k�l��E�9)@�W�f��_8��HE��F4�Z0V��zުn�K��N��C��R��GO8��Q�oL�uK��p~�*��0�Nda�v��<��7�sc��9I��EK'�O02r� b.?�B�!G�U׆*�(�%�<^Ձ�B�ٕ�"0��-L9��I|�UӀx��yYJ%��Թ��"�[�SHQ��NU0��os��lC秵�]T|'�0��zB�mw��e�� '"��q��F�w��`�~d�0��Ϸ�'�ox��טγz ��k�2ĠH!ơ^�i��Zɗ ӛi��H��U�,�V�_��J��o�(=:j��V��[�O��'�iE��K�:T��`�<(��`�;�ev��$��h�7V�R9��X��U?/��D��(�lFo�=��[� �e��S)-��t�� qN��9y��MG��0�!��}x� � @�ט��w2ƕ��s~�Pb��TE�mU<��|T�5�ߧ��(� [�o��5��p�y��PS]�ܶRd��f+ �^��f��d2�?�@�-�_̨1[�T��9[�J��A=�?@��vX��=��Xֲ��4�Ș�;�OIi�l�xˀJ�� B�@4ѝz�;�8��=a�p��>��g1��;4�a7: � ޵�� b&�E��,)+jF��3Bj&�]Fۉ�@��h�ΥqM]�[w��>�=��XU|#$�Z�6 G��j/�*o��}��I��4uP��7�I-�.��K�XA�2�nM�A�"�@J�̮��#�;]��UG~疪��Lg.*��m��L[0��_Ioq`��z��j��s�S��ot�ϐl��mCa�M4Lq�8�-�mo��1��oE�f1��v֨-}z(�@ �<psl"5�񓄛�gԬoA;��j��G��ݽ��YZ ��UK�8��Yڋ�3�d�]�҆k�#<��I�_��8Zx�Ҝe�侭�S��8_�]y㖽��)J�2�F�$�J��|x]k�3��SY�P��:�7��i��g��)�F��~��}��S�{��

Sections

.text
Size: - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 852KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 913KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

268293432f5f5be5645403057f0a3c35

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 501KB

.rdata Size: - Virtual size: 852KB

.data Size: - Virtual size: 121KB

.vmp0 Size: - Virtual size: 913KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: - Virtual size: 501KB

.rdata
Size: - Virtual size: 852KB

.data
Size: - Virtual size: 121KB

.vmp0
Size: - Virtual size: 913KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 20KB - Virtual size: 18KB