29e12d29bdf0a3b21e4edafa5af88b32ce8f68ee77ff73a5d06f6ed2ee5a0d03

Sharing

Copy URL

Twitter E-mail

General

Target

29e12d29bdf0a3b21e4edafa5af88b32ce8f68ee77ff73a5d06f6ed2ee5a0d03
Size

3.3MB
MD5

12a09c84502ef66c4320bb837657f885
SHA1

36f54c7d8db6552b6f1a81e4daf7314fabeac653
SHA256

29e12d29bdf0a3b21e4edafa5af88b32ce8f68ee77ff73a5d06f6ed2ee5a0d03
SHA512

355ade6831fd5718a6957b84c9baf59770e0c97824a734488a0d49715759da7d4d021b3725a99cc764526a00bba6678efdebadf05530d5f1552dcf00a150757a
SSDEEP

98304:KTD8BPwep1xNe+r8PIGWX2nDH2Ccgugw9mS:VPDjxNVXmDzJw95

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

29e12d29bdf0a3b21e4edafa5af88b32ce8f68ee77ff73a5d06f6ed2ee5a0d03
.exe windows x86

25359909c9927835d1cbade79b46fc40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

Exports

Exports

�q�ҸVݶ&��o۷�{1)�~��m�-�ۛ]��C�Ü�6�HfA#0��a��j��!u��Sa%�I�Zz��F��r=�Z5��·�)�'X��[l��G 2b��!��N�u� *��p�.B^$4.��/�p�;��O�P�EKz$r��S/d!�k�jKz�̠��WE�▼;��Y��R��.5�L��& GI��t�־E(�NPjv�!Q]PUQT��d~�z�A��.�k��-}J��uT2*�e��9f)�7��a0�M^S��,��U�y𛼌C0�&��S�"�K/�X/��}�U+%Y��a-�1��[\`��1��OY��d�]��]�?X��|��B�8�EGn�si3G�&��){{J��i]�0S~��u�m��C��G�J�x� ǖV9��V��s�{6�B�,�t=�D��{H�b2��Ё��[i0 ��2h��\��V@N�JP��,��\�R��E#��,u>� �ޝ�֙�� =�6'&3��eQ��#��&�It��y�1�UgG�kT|R��)� ��w?x&��r�y��v�N!�F�X3{�<�W蔽N��'��Iy��G�r��{5��˯ٗC9��HUK��/{6��<��kd<x{��a�C9��z�P��pWxAi��F�Y��Y��2�j!�H��A��J�c#�z��<� ��%r�wQ"Jq=dB��cz��ڂ~��߯@K�� WAi�@��9ܴ5�$��͟�5�xXf=m��PD��y��_w�F{�=��h��64�(-Z��7��X5(��"�E��L��i��o��|�.f��d��&�4�[�o�"� y�6��/�wFv�}϶��O~ո28��F�gr��|�8��=QesR�ץ��&�oJ��tr��e5�-k��,TV��.3��=�[t%�!s��<Ô��6��2�&�X��-�)Vc��m�k��T��PM%��-��k<hG��<�u�lqY��Z�o��㭳m�?��W<Lx]7��:a�m@38�0[��F{ �f ��W�J�;��i])o��ɹ� �z��*7t��내��b�=Ex��l�6��$��Se��g�F�@��>�4� -�c��]-þ�Y�^' �5��M�u�cV ��,��}>t�iXU�=��D4��q3�Z�xR��?��8��s��Z�3>!r%}֞�,��k��#�*��[>��j�iJH��M��Y��T�7{Y��L(��t[}4�6��*V�`��ܯcp�[d��E ��3��uB��3Ma��T8��h�d�li6/DxC��7z"��ξ�sf)˰[ȷ����4+*x��$��!Gk3+�r@<�2��C�~|V�TX>SFo�i��)N�1p��L��1yx��˄��D��m ��/z��ڏ�� d�#-O�:T��U؊�3i��p�� m�~��ؼ��"�bu�G7��bp <��I� ��F��<�P~��V{⡅!�Q=�inn'ĳmg��؂�qZ�/_.�X;�@8]Ӑ=u��Y �TW�!w�0H�� !� �z0�37�/`=Um��ފ�k��e��4��I�3C��\!+��+��=��;��}��pw΀�</�nӜ<h�f��{}$�Z\pp9�#ӫN��"�Y�ҽT��6@�F|6ڡ0��x�(��S8ϊ>�}a ��nq*�\�@SԴmD"��gEmB�?l�}�gm�`$)a��6��?��2�>��»I�U�̫C`��U�"E6� n��Sag�G1�#��?*76�|Od \lnT�͐� ��G��y��uǪ8h��aK��;�f9��I�3��R.-��ȧd��!�1�ȝ��ُ]muECC�(�P��q��!TH�U8"�T��\�� #!��i��`п[��1��q��J.��y��kD��ΐo��Eu��ְ=� ��D}��J��h�]��<��z�C�Z��'�up@>)�(��g��3N�p*ľ�iʹ�G�hfp��q:V�Dj��͂xWV��-��lO��0��۬pJ�9�;��V`��ϧ>º5��*�<�`��L�xS�ʪ��_[Ek��(�w-3��'hAw�n L� �|��OKKK�9��cn��˽Уj(3j�yP~�/8B}�C'��J�§I6�YY�0�6-��5�� 6:ON:�Y��_BD��,�a�:��P�2�Cݷ��.��Q�{��EǏ��@��9��%?�S+,�<��\��u�8P��GZ�dѲ�ϸ_�նwn�2��Nê56{rp�&ٔ7��Ea��V��S��O��e�J� MC.�_��Zt��)�E8��l�}@yo��# \��M�B�t��4AkT%��~M��7Ml�(^C�sޕ�k{N�xh�Y��cU�K$��C(?ҟ�Ӣ�R �P@�RHݍ��}��'��g� ��q�网�/S��~�_N��Y�6��1��NV�m�^}H# �CIc��Gz��C92ьnZO��ܳ��YE�jyvx�[!��,m�K퉯>��o��v��v ��h)�ҜFp'�U2zIB�Vz��c�3q�9�]�P^`�gP�N1�� 8��rN�� OR'c��E��܃�W�(݈�=��GNz-��r�ڻ�`'��q[�2&F{�D���<ϋ��E��a�5�h�FQ�idw��U�ɡzrw��k��%��T@�so�� 2M�:Fi��?C l=��E+ʼD#��[̹l2��Q�>��s,�eD��>��G�%_��--r�=�&��%t�R��8e��

Sections

.text
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25359909c9927835d1cbade79b46fc40

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 101KB

.rdata Size: - Virtual size: 27KB

.data Size: - Virtual size: 13KB

.vmp0 Size: - Virtual size: 2.4MB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 615KB - Virtual size: 614KB

.text
Size: - Virtual size: 101KB

.rdata
Size: - Virtual size: 27KB

.data
Size: - Virtual size: 13KB

.vmp0
Size: - Virtual size: 2.4MB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 615KB - Virtual size: 614KB