2aa8ed19fcd57bf8c008c5f7b5a0aa9eb9f71e67e18d427f0d66b5bff569bd89

Sharing

Copy URL

Twitter E-mail

General

Target

2aa8ed19fcd57bf8c008c5f7b5a0aa9eb9f71e67e18d427f0d66b5bff569bd89
Size

432KB
MD5

b9d5f9ba18071f9fff619feeb2308cd8
SHA1

45ffdcbd9164b7159a0ff71c59d12294ef62c8ad
SHA256

2aa8ed19fcd57bf8c008c5f7b5a0aa9eb9f71e67e18d427f0d66b5bff569bd89
SHA512

14b78d970b33e61024ca7e821e602cfdc46bc4d7cf56862eb0d4a1f661e2cc5f1d0b266d79a2933d8377e6a932b630546365a9df300c8f00a3d35db597213a57
SSDEEP

6144:C3azg5lUyG/1Ikz/DnRJXYrJ3Dwgw1O3BZRr14w42PtHyRPQwp3Pw/d:C4KlUyELnRJX8JRr14qtpwpu

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

2aa8ed19fcd57bf8c008c5f7b5a0aa9eb9f71e67e18d427f0d66b5bff569bd89
.dll windows x86

fa6f91ecacb2b29963f906bcce3d4ea5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersion
GetVersionExA
GetVersion
LocalFree
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetPropA

advapi32

RegOpenKeyExA

oleaut32

VariantChangeType

version

GetFileVersionInfoA

gdi32

GetPixel

comctl32

ImageList_Destroy

Exports

Exports

CPlApplet

Sections

CODE
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa6f91ecacb2b29963f906bcce3d4ea5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

comctl32

Exports

Exports

Sections

CODE Size: - Virtual size: 416KB

DATA Size: - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: - Virtual size: 8KB

.edata Size: - Virtual size: 73B

.vmp0 Size: - Virtual size: 64KB

.vmp1 Size: 422KB - Virtual size: 421KB

.reloc Size: 512B - Virtual size: 184B

.rsrc Size: 8KB - Virtual size: 41KB

CODE
Size: - Virtual size: 416KB

DATA
Size: - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: - Virtual size: 8KB

.edata
Size: - Virtual size: 73B

.vmp0
Size: - Virtual size: 64KB

.vmp1
Size: 422KB - Virtual size: 421KB

.reloc
Size: 512B - Virtual size: 184B

.rsrc
Size: 8KB - Virtual size: 41KB