a36b0b3703928f46c9f648910eeff253aa6fa702614e173e05b95d902416d8d2

Sharing

Copy URL

Twitter E-mail

General

Target

a36b0b3703928f46c9f648910eeff253aa6fa702614e173e05b95d902416d8d2
Size

97KB
MD5

040aae2e851338bdce796420914e928a
SHA1

97600fbd2fec878923a722bc054e3e4803127f8f
SHA256

a36b0b3703928f46c9f648910eeff253aa6fa702614e173e05b95d902416d8d2
SHA512

ca63da2e759f5c7c2cf17619131b2e26a8cadbede291005546634593aaa16baefec302e4586c232e9f550e1ae4a2d1b2e8ffe1e98f4ade7d49ea59c1e4c6c82c
SSDEEP

1536:wkxaf6YvvCiBAR66FIU66zKZyUqRWnLwNPoAyqyuy5d98xCUzan1SKmHI:woYO66FxeUHWAyJ5daxCUzK1SKT

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

a36b0b3703928f46c9f648910eeff253aa6fa702614e173e05b95d902416d8d2
.dll windows x86

f5c22fcd53511f63c96db776dbfe2dbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetCurrentProcessId
WriteProcessMemory
OpenProcess
GetModuleHandleA
CloseHandle
CreateFileW
HeapSize
GetCurrentThreadId
DecodePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
RtlUnwind
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
GetModuleFileNameW
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
RaiseException
FlushFileBuffers

user32

SetTimer
KillTimer
SendMessageA

Exports

Exports

FPk
FindGoodTime
GetGoodName
GetKey
GetPackage
GetPk
GetPlayDate
GetVar
PtoByte
PtoF
PtoInt
PtoText
PtoWord
SelMon
SelQ
SetHand
SetMon
Wr
wrH

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5c22fcd53511f63c96db776dbfe2dbd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 5KB - Virtual size: 282KB

.rsrc Size: 512B - Virtual size: 436B

.vmp0 Size: 6KB - Virtual size: 5KB

.vmp1 Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 5KB - Virtual size: 282KB

.rsrc
Size: 512B - Virtual size: 436B

.vmp0
Size: 6KB - Virtual size: 5KB

.vmp1
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 3KB