645fd5823b27e4d8c592888bf07056878ffa3568f2959aded51d3d95be71913e

Sharing

Copy URL

Twitter E-mail

General

Target

645fd5823b27e4d8c592888bf07056878ffa3568f2959aded51d3d95be71913e
Size

627KB
MD5

67a94068ccdf4124369c8c4f795dd188
SHA1

878aa8246ae0084d1e37e810c83deee3f2371c55
SHA256

645fd5823b27e4d8c592888bf07056878ffa3568f2959aded51d3d95be71913e
SHA512

d60df03d17324450ed2caa012fa0bb1f3f3efdb47ffd91fca954effaaf64fa812d2155f5db8c1f0f1fd3d04e4578b2576e8eceeae5abe46a62ee7bfbd4e58329
SSDEEP

12288:ukZaLNryXCSWKXPl/m25EMICK5YJc+/Qps0ABzRD0xCmzJv6eZrtY4Y3Tz:HZaUXCSWKfl/m25TK/pulDsv6CrtY4Y3

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

645fd5823b27e4d8c592888bf07056878ffa3568f2959aded51d3d95be71913e
.dll windows x86

3c4b18938cae5e3e21e7ba867bb71e3a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersion
GetVersionExA
GetVersion
UnhandledExceptionFilter
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetForegroundWindow

advapi32

RegCloseKey

oleaut32

VariantCopy

version

GetFileVersionInfoSizeA

gdi32

GetPaletteEntries

comctl32

ImageList_SetDragCursorImage

wininet

InternetOpenUrlA

Exports

Exports

CPlApplet

Sections

CODE
Size: - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 622KB - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c4b18938cae5e3e21e7ba867bb71e3a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

comctl32

wininet

Exports

Exports

Sections

CODE Size: - Virtual size: 428KB

DATA Size: - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: - Virtual size: 8KB

.edata Size: - Virtual size: 70B

.vmp0 Size: - Virtual size: 270KB

.vmp1 Size: 622KB - Virtual size: 622KB

.reloc Size: 512B - Virtual size: 124B

.rsrc Size: 3KB - Virtual size: 29KB

CODE
Size: - Virtual size: 428KB

DATA
Size: - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: - Virtual size: 8KB

.edata
Size: - Virtual size: 70B

.vmp0
Size: - Virtual size: 270KB

.vmp1
Size: 622KB - Virtual size: 622KB

.reloc
Size: 512B - Virtual size: 124B

.rsrc
Size: 3KB - Virtual size: 29KB