3804203118158dac706edb66e87fff60bdc90a67f98afb30a8bced4277e2951c

Sharing

Copy URL

Twitter E-mail

General

Target

3804203118158dac706edb66e87fff60bdc90a67f98afb30a8bced4277e2951c
Size

2.4MB
MD5

b8e349ea57aa9a123dc85e428b735447
SHA1

cc7363dc05ae8145ba358befb7bf0cf9ad7d448f
SHA256

3804203118158dac706edb66e87fff60bdc90a67f98afb30a8bced4277e2951c
SHA512

913ad8408e1f681d5f2845a278c43accf2dd6405c241e97cadbe93147570ec353081b59c3a0ab3384fdb66cf9c3303b7772cb00c42283f152d16daf34ba908df
SSDEEP

49152:w88DCdXh8WboRRbgHBy9SqsIdwHJqK4F51nirWJ+:Z8edH8RRbgkdmqKCzirWJ

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

3804203118158dac706edb66e87fff60bdc90a67f98afb30a8bced4277e2951c
.exe windows x86

2e6a06bb53e22de4db9a58ed3be7288f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOpen

ws2_32

WSACleanup

kernel32

InterlockedIncrement
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

GetWindow

gdi32

CreatePalette

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

RegisterTypeLi

comctl32

ImageList_Destroy

comdlg32

ChooseColorA

Exports

Exports

��%B�o�;��qMy{ނ�CK�7E~�1�V��s�^7Z��w��Aǖpw.�2�0��#�z��n��%ÒN��'M��*��ɕ�"APeai��-�YgX#��-p~��o�_��7��(��SpHNWB :��V��W4p��q�ڀ1� y��ϑ��F�}�o�cc��1)Z'�"C^�}n��M^��p7�,t�*�!Δn�@ASL��s��S��r� ��b�Ǜ㎦7��א5�^�KY��b��R ��5B* $H"�J��J�Fu+HS�?d��:�1�8��W��U�8c�K��KX��Ær-�",�ģ|�K\�+��"S� F�Ea_`�Y޵� �E��Y5À�27��Oh��R⦟��78��Ɨ�A�4�JOn�/��&�T\i��\�i�n��-��ڇ灳��v�.E�U�˦�Ѥ-ax�=��9)U�٣�u�l��>��?K#2��=�<��u;s�ّ�i�F��v��G�Ï��@�;.��.J��Ok��iW ��L��vh(��ޠ�9�D�r�R\��%?��iHEL�� qh�V�Mϖ��Ķ�`j��<��X�=L�M"��t��B��ёpg!2��=��z;[ ŉ-�b��:�9�kt��ڂ,� ��63�N)�¿U�/ǧ�Ui�s�'��&u�=��\B��p萓�x�*�g��%ʤ��ۗ��[x��L��'V��a�ҋ�E!�Mmz*["��O�i٬��84<B^�L�j��m�[bC��Z��46�CH�?"R�J<T�4��b� I�k��S�lr��@;� ��#��^C.^��A��ٖ�� l��p ��*��kț��R�+� ��G�Ͷw��X�uD1�/��0_.��o��ݦGV;$7&�Б�@�w{Լ��X�o�X�L��=�p��T%Be�;/j]a��u)�ZPƂ��*T_��g��D�@)��K+O��{�>5rɂy2��`��ӹ�l;!��31iZ�pLtQ4�!Cz�]HeÆ��,W�髬��2_e:)-R_-vP��7��&!��d�V��'�y`>�o��[��E�'��"Z��7�, p5�ʺ��(�6}<�o,��-xes�l;�3��dA1�+{�?ԇ��2��v��+�� B��;�U�m\��.hTu�T0��<�I�B�w~�~�^��!N;D��!zY4��z��p{��;VK��͊��5J�ﶥ��ݗ-.� IG��]��l��$�JC��0G�$�F'�� =<ϫ��E�a�e#��H�qj�-e��"Cs��I��R5��J��0��nL��^��I��1�{��0�?ٲ�MVS�2"LLˣ~_+|L��c��K!�*��o7jL�g�lkn0 D�Ϩ��P�%�'�" Z�`4�0��nC,��L9p�y��b��h�>Dg=ƙ{F(�7�v]�Z�`�Չ`�崤W; ��\�a=nKe3��Òw�D��=)�#�\1q��x}�T�_��w��+�#�2|��$i��*�� ^��H�B��i�O_w^��jCI[�,�{�F-�K��d��Y��/<_�9ݛ+�Z;1�&��䕵��;�f��1N��O��eEh�V�3��̬9�Iqdr��0d��l�u��?X��?e�B�,A�d�,��'$�z��^[9��$wEH��J��I>-��T��KÃ��֬ۖNO�D��Q��U�adq�I��0�l,+��ny��p �!�}�F�$�KS��at2n��#��o�*^�v��T� h��A�w��X(غ&�Ey�Ϥ��dd%��C��V��3��`1q�s�,I��(��1�ݜs3 ��=�7��.�.� B��Z*7a�<��V�bO�H�q�gkKZU��Z��N�h^�9�p��A>�Md7)�S-h��Xމ��] H?��5��x��9�K� �S��%kep�߁ǡ��C��a~��1��A�%3s�$��Ш��8�D� \;b��i�n4��R��Ha�1��c_�-��u��{��~�ߒf$\��sJ��s#qeY��|�0�]�N��sKJ�qeNk@@.��o��/��,�Z�g��\��yɥ�� RXX��9��Z4W ��xPN_�%��t�{0��%��>��$�x��F�v.��e��O�t��Y��@�x@�s��n�A@�bѺ� ��%��J�z*]�qmmp�R@ a��еZ �\��M��o��S��ǂ\)(F��t��n�:l3�� T�|�^��12��i�S7H��u �[cE�]}��~��ڒ�!��u>��#S?��D�1�mS��&��~��U��0�Ey��\�A"udJ�Z�MGϮMw��*H��~��e3e�E��(��H�r��wU|0��l�\F�זS��CV]��8�� _P��Fޥ5�cK4 ��3��_٪�,��aSe��ҩ��ܒ��*-�ɷI��%c�,�,pߪ"�nTs'� ��3��2�@��o]� ^��覝��ٱ*�j_��7��.�Swu��föJ�C��R<s*�_�N�Ø��\�[m3uu,��|Yb�ێ��L��C4�4A:��^��ԛ��:��E�],nޠxJ:�,�s��0W��㕈M��%�k/�>�)��<"pw*Э�c#BM��,P��9xTF�|�'��rP��hXa�p�\�g�הn}�Y�Ba��>s5��\-��8u� ��ds+aH�8��j��3WDZ��G#I%�

Sections

.text
Size: - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp3
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e6a06bb53e22de4db9a58ed3be7288f

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 465KB

.rdata Size: - Virtual size: 1.2MB

.data Size: - Virtual size: 188KB

.vmp1 Size: 88KB - Virtual size: 85KB

.vmp0 Size: - Virtual size: 80KB

.vmp2 Size: - Virtual size: 1.1MB

.tls Size: 4KB - Virtual size: 24B

.vmp3 Size: 2.3MB - Virtual size: 2.3MB

.rsrc Size: 88KB - Virtual size: 85KB

.text
Size: - Virtual size: 465KB

.rdata
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 188KB

.vmp1
Size: 88KB - Virtual size: 85KB

.vmp0
Size: - Virtual size: 80KB

.vmp2
Size: - Virtual size: 1.1MB

.tls
Size: 4KB - Virtual size: 24B

.vmp3
Size: 2.3MB - Virtual size: 2.3MB

.rsrc
Size: 88KB - Virtual size: 85KB