a4457b1adc43844f398383310e0c3b4174f68d2c5e27d8850b8755463d5abade

Sharing

Copy URL

Twitter E-mail

General

Target

a4457b1adc43844f398383310e0c3b4174f68d2c5e27d8850b8755463d5abade
Size

2.4MB
MD5

ed8f57c193cc7662267c4081311126d1
SHA1

9ab0afe819f90bac86134f7d816cac00e1c59092
SHA256

a4457b1adc43844f398383310e0c3b4174f68d2c5e27d8850b8755463d5abade
SHA512

8f081bb656d11d74cbda82625c9063a2b7b3dc229af7acb397fe2a0b50531981c868c3695ef085b09a7b65e8cd646ca836059adc063c12498bc0dfb1c8bf017a
SSDEEP

49152:ILufMzj/JJEx7r2fFlTadi2RfVoew8KvRf24TS0FcdlRYtRVoQebqNmXbi41eee:IyfQvYGlT0i2RyFBTvKdbY/o+4

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

a4457b1adc43844f398383310e0c3b4174f68d2c5e27d8850b8755463d5abade
.dll windows x86

105ecf7f264a566591a0c9ca5fcb5e1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

winmm

midiOutPrepareHeader

ws2_32

gethostbyname

kernel32

GetVersionExA
GetVersion
GetFileType
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsWindowVisible

gdi32

Ellipse

winspool.drv

ClosePrinter

advapi32

RegSetValueExA

shell32

ShellExecuteA

ole32

CoFreeUnusedLibraries

oleaut32

SafeArrayGetDim

comctl32

ImageList_Destroy

oledlg

ord8

wininet

InternetSetOptionA

comdlg32

GetSaveFileNameA

Exports

Exports

DllEntry

Sections

.text
Size: - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

105ecf7f264a566591a0c9ca5fcb5e1d

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 812KB

.rdata Size: - Virtual size: 671KB

.data Size: - Virtual size: 258KB

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 4KB - Virtual size: 192B

.rsrc Size: 8KB - Virtual size: 19KB

.text
Size: - Virtual size: 812KB

.rdata
Size: - Virtual size: 671KB

.data
Size: - Virtual size: 258KB

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 4KB - Virtual size: 192B

.rsrc
Size: 8KB - Virtual size: 19KB