6566e37de9f53f9181ed44365f0d92340923feec9e67a7f5a59bb9ef7fd49c63

Sharing

Copy URL

Twitter E-mail

General

Target

6566e37de9f53f9181ed44365f0d92340923feec9e67a7f5a59bb9ef7fd49c63
Size

85KB
MD5

cbf4bfe048428c75658a97636038d4f2
SHA1

8d9683a259e1b2b353d6d172ce1b3a4f3eef3e98
SHA256

6566e37de9f53f9181ed44365f0d92340923feec9e67a7f5a59bb9ef7fd49c63
SHA512

687460e67d9e875db8a201f881991e7eacb82c86799783a4d3d7cdd684649dbc8a868afe62fbf1fddeb90e72cc33dfe5836ba8b0ee15fe15d8dbdb64c2f758a1
SSDEEP

1536:A8ZSadagxpHbGGpT74d+pM3tdlokqYbriJAJwe3hiefMZck54rQMrXg:RdaO79p74d+y9bqYfiyJwe3hiefMnur/

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

6566e37de9f53f9181ed44365f0d92340923feec9e67a7f5a59bb9ef7fd49c63
.exe windows x86

42518105e94ca7877e860eff95c08ac2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Exports

Exports

��֖ l��)քx��D�J��UǑ"t]�3撘�88��O��ӳ;_W��"(�x-^�lt��N��ۤф`��O�\O�5[�J��`z"��͌��uK�7��L�(��!#��+�_<�f��<H�ԁ\��a�HF|��Y-�C� G�ǅ�� X�A��A�� +�9��.��q5�ᰚ�S�x3��~f��'*�N¹cI��l'��E��Q6L�<4��e�fQ��Ã��-��,D��΄�3EMT��A��;Y��j�$��>�@��<�y�2"_ ��<#��+³��Ɔ��f��ق��1@@��GͶ4wZ�j��D��y֓��a,/��]�L�� "lո(��Xg�K��l��4��kc��d�ϝ�3�&�ŧJ�)� ��t`1� v� �qq��`f1&��[G5p��v�s�V�drQ��,Fh�i��з��<&�h� ��j[S��>�E�"��6��z��i�F�s=Mx/X$�*��`��` ��D�8�3N��u�?�?�&��=6�J��r@�F}�K��bJu�;A�A!� V]��цa��3��A�#�i|]� P�^��Im>�#��qtU��%1�5��ט�s�z+� *�!R��,�!��lD�� Bs�E��7�v��2p��b��qu ~9�`=�^!�z�E Q��mB��9�֤�P��H��d�[U�9U��D_ ��W��l{��1މ]��OɆP�@*��0�0�V$KR�A�YN��Vl��d�_7��tC�P��ߩp��{�`� ��c�Abz�VR \`�&�1c��J��";��c��jlvn��C��d$��T��2$��Jo�6��]�45Lb�m��8��.@;l�� 4��N�:�!\��U��YQR;��7I^� r��?�)��DiR?��Ng-��x/�J� ��> �S�Rn�Mȕb�K'�B�-3��ý�o�d��_9��a��AS��|��z\,V�i<7^�-�'�[K�� w1k�ڮ�z#�:_)��D�2�|� :��"��`��1=�-��3��՛ �㵐��]��gZ��K�i�a�q��̰S˒� ��D��($=�ua�f�^��)}z��XL��7a>s�]a6�?Lzm�t��>a�=֯�yy~�)3|&�O�9f��Œ|�*��1��^� ��*�VhQ��i��,�վ�x�p��wl�YY��;،6�J��b��Q68DWl3CnѮ�҉{;`��:~L�h粷�{{O��]��:W*پ��lʮ��YȀ��*̜/R3��[�җ��3��|gC��y�5u4s]��Ҭf��,�l��whQ�Vc� �mo��vi�� mJ<H��8@j��F�|��ޝ.b�&X�2�{~?i�Oc��R��("�ݦ��$�3x=�m ��KN��W 捎'��i}=��rt�%zXR�y��۩�7��h�wM�iC�(Pǔ�_��H��иG��`5v�E2��}��P0��>�T1hzZ|��@�":�7E��iE�d��O)��!�+!&�ԒZ�F��A��V� �:d��25߹��L*+j� K��NOQV��ˮ��L��N>K�N�h�Ӑx%��a\��s��!5�'�2N�pm�^;p��h̆F=)3�F��((i��֛Rv��2�Z��L��_ ��s��V��o|<C-hb ��s��=�Hi��b��G$��H�J7��g��a�"5*(/��EQz��b�a#��r�N$�ƈ��n�~`-1�=�m�n��.��A ��h�坘i�4��m"�\�,��\��P�l��@��/��Z�m��ah.!e��^Wͤ*�u�,�h�NX�2��0�Jn�a-��΁>څ�G��o�8�߾�]e?��̹j�a��5�J(��Lh�N��0��e-O��Q4ҽ��F\�k+�\ �JD�)�=�� Խ�#��w�"��gӴ{:�yS#�aF�(�wA��>��B�퐝�VB\�NEVx�bH%I�n�G�ϟK!b��V�h>)��VJ�i��}n��^��ZD| �R:�ˍ= ��5o�CG�|8|%\��D�>��Z�:��5��D�js 0(+1��[�x��c(_��},��2֔+�ϲ�f�x��;~QPqCjF�k��M��gFc�?��o��m��0��-��E�͐�)*�c�P^��/srz��n�kf�vHa��7��rKp��<��Ye/@ʒ.�٤�m~�7ˬ�Ts�Ƭ2��ڰ� �w�W��Ҝ�}+��ܭ!Fg��C�w�tv��R��L��hufe]�+�`�?3!"��O�אEaA7D�R`�Rp��5v��%q�E�ǅa��_=ն��Z�z�B?>�6r��B�"L?�%��Z�Gv��t��m-�X��;�1�]w�!z�j2��%��xq2{�I�J�{� ��z�Q>�pL��Ԍ�n��0�F q��e�/�7��̇rv��qh��t��kq��l��jP{v�L.�ߦ�C��5e�-scW�)�1ɋ�R<Y�� ˙�_Ѯ�j�H��0Jb�hp��[$�ۓ+n>��c+9,.�pۃ��S�u�Gy�NpaVS8A��2��R"s!�S/[̏֯jY�ĿP�N��s�e�{r`�Ȓ0�t��sZuc��vIR��9e�@�uuGȾ9��|��Q��"�j6O��Z1^��S��2I�oD��ۑ��ǝ10��@��<ߩ�)#��%WE�,��B��#�[�+y��N��ĦF��j[��\�{��-��A_��éa��S+R`

Sections

CODE
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

42518105e94ca7877e860eff95c08ac2

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

CODE Size: - Virtual size: 72KB

DATA Size: 25KB - Virtual size: 28KB

.rsrc Size: 512B - Virtual size: 4KB

.vmp0 Size: 22KB - Virtual size: 21KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 36KB - Virtual size: 35KB

CODE
Size: - Virtual size: 72KB

DATA
Size: 25KB - Virtual size: 28KB

.rsrc
Size: 512B - Virtual size: 4KB

.vmp0
Size: 22KB - Virtual size: 21KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 36KB - Virtual size: 35KB