7391cf197a10165c746646b8a767316371d62d86bf4367fe546762276bbe5995

Sharing

Copy URL

Twitter E-mail

General

Target

7391cf197a10165c746646b8a767316371d62d86bf4367fe546762276bbe5995
Size

4.1MB
MD5

dbbb4cfc6d9cd1356d53c122cb97fd97
SHA1

5ce4ef9531612019dbf309436c8c55d290323fe6
SHA256

7391cf197a10165c746646b8a767316371d62d86bf4367fe546762276bbe5995
SHA512

8b147e79651f517d66be6e31b09bca95571ee69da5ba1f6639a08a66419ba5d50ab02051fadb7858b39cb68acd4d28029ef7c3ec48ce05da52718f1efbbf7580
SSDEEP

98304:wdBaZn29qwS9m51SXt1T8GTH8gS4TyF0ES5:kgY9AwKtV8GTcgHGF0

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

7391cf197a10165c746646b8a767316371d62d86bf4367fe546762276bbe5995
.exe windows x86

ea646c0f2bca63474498fad63093f804

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

winmm

waveOutPause

ws2_32

recv

kernel32

GetVersionExA
GetVersion
GetCurrentProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsWindowVisible

gdi32

CreateRectRgn

winspool.drv

ClosePrinter

advapi32

SetSecurityDescriptorDacl

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

RegisterTypeLi

comctl32

ImageList_Destroy

wininet

FindNextUrlCacheEntryA

comdlg32

GetFileTitleA

Sections

.data
Size: - Virtual size: 514KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 585KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea646c0f2bca63474498fad63093f804

Headers

File Characteristics

Imports

shlwapi

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.data Size: - Virtual size: 514KB

.rdata Size: - Virtual size: 2.9MB

.data Size: - Virtual size: 220KB

.vmp0 Size: - Virtual size: 585KB

.vmp1 Size: 4.1MB - Virtual size: 4.1MB

.rsrc Size: 24KB - Virtual size: 21KB

.data
Size: - Virtual size: 514KB

.rdata
Size: - Virtual size: 2.9MB

.data
Size: - Virtual size: 220KB

.vmp0
Size: - Virtual size: 585KB

.vmp1
Size: 4.1MB - Virtual size: 4.1MB

.rsrc
Size: 24KB - Virtual size: 21KB