97baefd417b330aa81c8dfe5087522099bf248287cbac9825b8b90f588881cf9

Sharing

Copy URL

Twitter E-mail

General

Target

97baefd417b330aa81c8dfe5087522099bf248287cbac9825b8b90f588881cf9
Size

107KB
MD5

177a852dc41723876b28dee508a99ee6
SHA1

45e87a13b9894bbfdd1a9d7e34153ce9fe8010a6
SHA256

97baefd417b330aa81c8dfe5087522099bf248287cbac9825b8b90f588881cf9
SHA512

18ee953acad7c6b4e59c7dcddf9711c2688ee8f665610a03434fad15e2758b249f76c0bfc012b0ddf2e9f8b9c528dd98d353afcf4dcde6c4892254af1b21ce8b
SSDEEP

3072:3zKvSm7W7Ju3hrr/OFAS0M+d3ddgS1LkC/NNg:3zKamM8r/OFASl+d3YC/Hg

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

97baefd417b330aa81c8dfe5087522099bf248287cbac9825b8b90f588881cf9
.dll windows x86

a0e8feacb13dd3bb716da377a2be5d07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetTimer

advapi32

RegQueryValueExW

msvcp110

?_Xbad_alloc@std@@YAXXZ

msvcr110

_malloc_crt

Exports

Exports

�J��Q�'�o��gQο�3V��Nix��A��%��@��h�)΀?O+��*��c��D�o��;�E�z*��D s`�aX��f�޴��ɽDo'�V��`5��tK��Y�*9c_�]��X�Z�6>8M�ؼl�d�x�CeQ��^��y��nf(�|�m'�;E ; oop.�I� ��1-}eS*�7m�5��Ъ��+��Q�N��<��ځ�rhDf��3Ze��z�*��gB�I+��V<\�3��҃��vmļlY�V��z�]3X��1�-~��/��L�B�v��@U�B��ÿ��J�>�k=]�N�%�`tԎc��"�8��_��d�Y��g]T�>�W'��o�诈�ꚶ��6? �,b��z"�\��P�xb��tu֫]a��a�~��l�^]�=��˪�H��}U) +��mع<��f0E#�6�LTq�D�e=�9��b��8`KfWN��P�<X@dG�I�,X�G]&�X�;�N�-Ϙ��Z�Q91�I�Jֺ��P5R�ʟKYƧ<x��E+��,�%q� �"��(��ì�*xwKW�m��*U��e�Ż��&<)��<`�گ"��4��- [�_��G6�Qs!��(E�Zrm��O�E-��5T.�:��_e��[. QV��-Η'!��k��=��"�(X�Zċ��Kn�6��L��ou��/�)��w�}��ylȂ�,O��@�2_�z�Հ�-,G3�!�F��{,2��I=�Vx�2�g��NZD#��M�q�C�ŀ�/�cw�`�[�Wq(�O�m�&#B��7��&�GEA�yʅ 9��k% [0%\��0/��Z 8I\4@��i�ώ��yC�=BIG��S��i�޸��eQmh{�ǁ7&B�a��\y��~�Pc��Є��ޚoc�o��m`A�̎�l��uf�ɍ�^��b��I��oE3�ܞ��3�s�1>�H`��E�B��4L@�Z��uF�T��,j��k��~�ȿ?ġ�b/x�U��F�"�Q�-[��w��uK|�V��`Ӗ9�j�Lh��5�$F�)�/*?��"��T��$�}�tV��@i��#��ٝO��C�Ӏ�`go��c�^;m��xF?��d�͟�cF�5d��H\�<+�ꀴC�ihO�Q)��!匣��2��N��hm��S&}��f�*�2i�Y��6��,�¥��J�X9؇�F��_��x�n��S��s(�o�-k��^��=m��)ί/�_�)�]�l��v]�}$�Q�?~YI�yR8�0��9*9D��W��W�:��0U�:�,:t>@�3o��񮱯��b�!��v�]�y�!�j&|�uf��ۛM��}ĒS��[�#�f�|��m�U �I��T�O��;.��g?��<w��>ZR:�at9�ab��h3�b��0�8��ˊ� [Y��.�D��+W�@��⠼�0��V��Jt��[v�uk��6`�ĻY��"/��ټ��,�;؟&�]�d�W�Dߛ��9��d2KM:b�BѬ��rr_�a �%��2A��p�qv��$ȭ��9�W�<��x��q��@�b�Wc��1u'i�{6�S�`��/�S�*�r��d�.��O��'o£�V�b`��S��;9�W/]�#;U�!�ɂ�z��"Rh��eK�вf("@��ji��sV\E.KDq��v�S�)7��Fv�eT��Y\��e{#Xg�?�Q�ֵY��%�D��&�~o��[�=��m�ꚓ)=X��Ŧ�Q��#� zB:TlACz��{��F+��wEܲI��'0x�3 tG��:��i��0�öw�e>�H{�JxbY^� γ��-E�n>��ؖYn�S�ߞ�,��ݺd*- ��f��D�2��l��*�N�L�8 �=��q��[!XS]��п��7�o��E�ct+V~ ��ۙ6��}�!��3�f6��C�@�4>� x��OҚ��*��+�f��?Q|�� 0��K��D?�C�B��U�� 5��ƭ�|ǣ�qf ��Ԯ��h7��x%`1`��R�+�_Y��_��=�z��4Ɂ��Q.� .��5��ѮXK3=jG�dJ��cP�6;��L�џ� �2�wE��+׼�o��أ�� i@��X9>�=��L��#8l�M��;�B�3ffCІ�JVN��V��杇��wn�0<٢ ��4��s��3�4j��LlJ@�,�W��wk��v��@P�c��6�x��gEK6�@��]#�0x��.�=YO�b��v|�z0�E��Y@�l=^��Ve��S�W��f��E jX�� !\�&[W�| V�3⻠C��ՎBCx��]�� d6�EZ��c�ذ��۽ϭa�8�N��v֔}w <ڞ�Hk��hI�Jd��1�-�%�N�'��oR?��{5+�4��3��7X��鵪�a�Bf�G��9��Ms�L�K�%L|Z�v��_��&�=n�eG�7<׶��!֌c��B,�Z��6 �� W��0_��e�a�/ Z%��ڽ��u@��?�i�h��Ĝ��_N+ao�-҈W� p��:�Ɵ��*��trqx� e��V� ��r�ޘ��m�4ʯ��y^�`��Շ4h~=��g�%:sFCf~}�59�f%�;�N|��S!��lD��%f-��R��ZU�n�򬾑��,2E�i(��z��w jI��$da�YN�B|�D�cpW��#�7��kA�Cl��%o�Yﺸ�I��o}]��{��&��.��",C�Q"��V�ᣣ

Sections

.text
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 658B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0e8feacb13dd3bb716da377a2be5d07

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp110

msvcr110

Exports

Exports

Sections

.text Size: - Virtual size: 7KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 9KB

.vmp0 Size: - Virtual size: 49KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 104KB - Virtual size: 104KB

.reloc Size: 512B - Virtual size: 216B

.rsrc Size: 1024B - Virtual size: 658B

.text
Size: - Virtual size: 7KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 9KB

.vmp0
Size: - Virtual size: 49KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 104KB - Virtual size: 104KB

.reloc
Size: 512B - Virtual size: 216B

.rsrc
Size: 1024B - Virtual size: 658B