d12e0f4e2a1279a25233ee9fc957024153ec5372955e53426bfc352d887db4b1

Sharing

Copy URL Twitter E-mail

General

Target

d12e0f4e2a1279a25233ee9fc957024153ec5372955e53426bfc352d887db4b1
Size

2.6MB
MD5

288919c82b6ba6df332a71fd70ae0bc2
SHA1

e0a83a58809ab4ffe0f48bf6ce69b2e2a0faebdd
SHA256

d12e0f4e2a1279a25233ee9fc957024153ec5372955e53426bfc352d887db4b1
SHA512

61797d26bd164d2a413521b932a195fce21dd1c1880c7ac3dbf734b48a3be445a74609deb0d99ac98559edf0c24ca1c5f7a9005e26663b9818c13ceef29b0a6a
SSDEEP

49152:2jKxFXDxXQeUqmBjbygbKWkEC2J0yz+6lewP4xEc5nlpbKKjDI:22xnXeBfHbKWkEz0yKuDAxZ5nyKjDI

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

d12e0f4e2a1279a25233ee9fc957024153ec5372955e53426bfc352d887db4b1
.exe windows x86

179980cf338328eeabc6339fe6f78bc9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutOpen

ws2_32

inet_ntoa

kernel32

lstrlenA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsChild

gdi32

GetSystemPaletteEntries

winspool.drv

ClosePrinter

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

CoTaskMemAlloc

oleaut32

SysAllocString

comctl32

ImageList_Destroy

oledlg

ord8

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 870KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

179980cf338328eeabc6339fe6f78bc9

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

comdlg32

Sections

.text Size: - Virtual size: 485KB

.rdata Size: - Virtual size: 1.6MB

.data Size: - Virtual size: 211KB

.vmp0 Size: - Virtual size: 870KB

.vmp1 Size: 2.5MB - Virtual size: 2.5MB

.rsrc Size: 92KB - Virtual size: 90KB

.text
Size: - Virtual size: 485KB

.rdata
Size: - Virtual size: 1.6MB

.data
Size: - Virtual size: 211KB

.vmp0
Size: - Virtual size: 870KB

.vmp1
Size: 2.5MB - Virtual size: 2.5MB

.rsrc
Size: 92KB - Virtual size: 90KB