18a2f191db62cc45601981180e6263c46657f537e0842cbc350a47efaa775178

Sharing

Copy URL

Twitter E-mail

General

Target

18a2f191db62cc45601981180e6263c46657f537e0842cbc350a47efaa775178
Size

1.5MB
MD5

37e2490d6c9391fe81043eeb7cfa637a
SHA1

6cdbd359838b7213f2958717b914b1ac4157408c
SHA256

18a2f191db62cc45601981180e6263c46657f537e0842cbc350a47efaa775178
SHA512

fa76cdc67dbd8b2dab4d4aa835aa721f091c48b1ee0701102da9dd7fd8ae906da088f93d3626ce6a77a06cec4706e0eeb8eef60c3984d6b2c31b6bc670818e9d
SSDEEP

24576:BHA4Egl3XxnHjkn7ASzCxvB0lpVNulA8QNUG72mesjWuvTrE7xosTkEozWO2bWn:UW3XxHjiHrDulA8VG7v2SrE9b7wW3q

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

18a2f191db62cc45601981180e6263c46657f537e0842cbc350a47efaa775178
.exe windows x64

0b6705b2303e84541f1e84901e25569d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

UnhandledExceptionFilter
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

EnumChildWindows

advapi32

ConvertStringSidToSidA

ws2_32

WSAStringToAddressA

Exports

Exports

J��h�x/.��Z�?^>��q1��I`�T��[� �ʶ��UEP"��d�k��`խc�l�/$n%6��*�鲻Y�M�l��j��Y=��*�:s� -`�T��~r��.Q��vd��D��͏ٚ�� [�Vݨ�yB��*PY?Z��|p��5Ɩ��"�v��l��i[��ж��rr��~�>�� ޭ��z-�>�-�)�ӧ��`qFZ�1��[�8�78��&J�t��/y��AJ쐵��[�5?�0ws�ӀbD��U�:�ӑ!a��1�K��N�� 0o�q'g�"*j+�&q�WF��dzB�A��h/�۱�yP��_��bb[�Y0��F�[w��=o��M��h��15�V�"jU��O|��K��1��=��3Wn��iM��Sq(Dd00h��L2J��O��q��!{=��~v"��#ϝ�`&��ŗ��wT>�I�O��C�*��,P�T��2��W��+�ZG.{��<]�gރ��S�� .�i�d�-��ͅ��*��8p}`��hF�^�NDbCvA��mn�Z`�?+�;�~m��[ʛ�� d��ax��d��_{\I}/�j~�D�ð�˫rqeK �ltG��<�X-!��^��f�g��^��RIǺ�^�!�X��g�"�L�`��z$@?ռ�&q�R=�ش��j�("4�X��K��%v{~(Ң4rAz�ZT�$�n�=1N��~��7ͭ��#/�s��8\g��`L�X�d�"�;vh;�W�ri�UChv�0��?�ȼ}I��6)��/f��~o�<k'3V��5;�R��@ ±]�bP�|��CXT:��tv��KGF��+�7P>�� ?�@�1磪u~�*�ڶ6�Μ�@��,�� A$3�:��D��f.� �.� ��ir�lC��bH*o�5G5�ק�״�qNF��Ƭ��N�|O0� :?e�>��J�w��u��N��dT�$ɾ��7Č�� &@=��u\�P��̏c�S�3~�*Ě��3,�cX�� A��dF�zHs��AY� ��4&ʲ*X-̣��m�e]ٶA�Og�o��@�/AYD ��`��RL ��(��a�j��GD9|Q'�}Q��fԔnu�~��!�d�¶Z�,V�!��e�F�� .��8ooXs/!~\w��@��!��rr�B=WH��VϯCٌ�p+*�9�V>F��V�R5��13D0��i��57�na,�/�m�4R�}��۲��zۡ��)�j%�� =�h�p3Sр�� 8�r��==��ɸ�*��ß�{[V)��bϲt9��j��g ��~�^��b�Z�U ��:c�R1N}Ǌ��>��;��JfHy��[�l�>�(�Y]G<7ڏK��)�T�+�2]+1�̌�0ooD;�V��r�I�js��a�司�Z̕��m��9��T1��_�^!r�)��l��'ڂ$�g��EB�Jkm��P��0��n-)'cl= X��C��8�q�D�u�ɔ`+��4�ZTՏ<�3��^G!��'0��@#�w��Y|��z[�3P�&Y�^�i��mj��NC�g2~Z��^�[В�>]�� <k^�r��d��k(:�P2��Y/`aZAƋ-I�V�GpRg`JxBI��E�-��JoR% ŃkC�uFƹ�%�h�#h~�.�3�_5�[��4D��/ QPT��=�:wPt�2��Ń��YϯKrvJ��0��8H��4QD3�av��y�k��,+f��w/�ю�C�g4�e��N�3{�Ok;�Y�宕Δq$��?�,}��T��lXR��zB=#Hw��˰JyF��Ot�5��b��]��W��,�O��'��ҹ�$��%� ��m�`E�QXa7h��\��`�6Ɣ��h�6��@d$�s�*&͔H��s�헝�{��;Ȫ��K�L�6��f��q��'X��NYE��ƜJ_�K"�(vAݱ�K�(��q�0 ��kbvp��j��* ��-:�` Q��ݡ#QHH��daT� �0��O�%﬙��6��+)��}A��~?%��)[S�z�X@?�j��^FHx�d��Ku�b ĥ��a��;��Wp�c�?,�&�' K�D�I�U;�W`tz�-��r��qB=噵f�"�ߺ�v�Ⱥ�v�� k��R��y��̘��yb:9f �*5�T��b��n�1G*�b�l�})��Si��VG��D�m��t��～݃_!�&�Q��r=3�F&��|5�U4=��.OVݽ=�"&�sUm4x�Zv��%]��Ͻ�6�q\Q�@&�֩?�\�lւH=��[�Ë�,��4��0��s��1��5/�� 4zo<9�:j��g��SK!��5; �&*F�ud�b0�s(q��]�� \lJˀo��{�AXެ��U_E��Smhi��?��z�)��[�XמK�c�ME\Kf�f��*��0��Dk.�a^�gW� ]��5˗/~Dĺ��.��W�S�!�X��yv�I\J0l�Wy��3xjz��EZo��W5��X�y��Ft>r��Io�,�-�,��:0��o �?�<)��k�4�ϼ��!З�|s��3=cR�`�]8�έ��d2L��H��VY�OLh�Z��%K��u��d��l|��̡��ތݑ�*��?��s-:�n��E�޿@3�+�s!��FU�?��C��U��a\��V�"!��!vO�hc�{��0.�M��L�[ΐ��3ꋉR_��꜔�B��ҝ��$��!T��6�Yr��.�5��q g�b��3��>�;I��(��֠�f��)O�g|��P3AE�C�

Sections

.text
Size: - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b6705b2303e84541f1e84901e25569d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 680KB

.rdata Size: - Virtual size: 278KB

.data Size: - Virtual size: 191KB

.pdata Size: - Virtual size: 32KB

.tls Size: 512B - Virtual size: 2B

.vmp0 Size: - Virtual size: 1.1MB

.vmp1 Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 512B - Virtual size: 44B

.rsrc Size: 1024B - Virtual size: 636B

.text
Size: - Virtual size: 680KB

.rdata
Size: - Virtual size: 278KB

.data
Size: - Virtual size: 191KB

.pdata
Size: - Virtual size: 32KB

.tls
Size: 512B - Virtual size: 2B

.vmp0
Size: - Virtual size: 1.1MB

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 512B - Virtual size: 44B

.rsrc
Size: 1024B - Virtual size: 636B