717d7336f3a120865955c8792004d53779b73cdadefa635d9918a3b72ba694a7

Sharing

Copy URL

Twitter E-mail

General

Target

717d7336f3a120865955c8792004d53779b73cdadefa635d9918a3b72ba694a7
Size

2.6MB
MD5

ca7cf32dd32a65e4dbc25584ae029685
SHA1

280265d868d6b338099e654cbab760671cc026f7
SHA256

717d7336f3a120865955c8792004d53779b73cdadefa635d9918a3b72ba694a7
SHA512

a40c9b360bd2a553cbd46aecb8d0190d1c8ee4b84447d9edef13c1434039c2a243b084299265891c98b3e812aa82d873915b6d479e512a80ea8a0adc4cb16b6d
SSDEEP

49152:4r6hR1Rj047aIty01VklkCtLg8qtCM8GNTreswSfLdsbU:4r0R1a47Hty01Vklkks/dXwqp

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

717d7336f3a120865955c8792004d53779b73cdadefa635d9918a3b72ba694a7
.exe windows x86

624ede5bbca7afed89409ae5e5fce05a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsWindow

gdi32

CreateRectRgn

winmm

waveOutReset

winspool.drv

DocumentPropertiesA

advapi32

RegSetValueExA

shell32

SHGetSpecialFolderPathA

ole32

OleUninitialize

oleaut32

UnRegisterTypeLi

comctl32

ord17

ws2_32

accept

comdlg32

ChooseColorA

Exports

Exports

��/l�T|�j�-��)Wk��?)�� xi��ߔ�z�v�Z��gԹI�|�o'��Ѕ�&��S)�s�I��A��؈��T�U�d��<>L��G�M�,�Mk�!WV�ȴ�B�t��iù��Yp��lڶW�l�hQ?��C�8�9N��@n�ϯ�`.K��Gw$A��>��'h�^9cV<2��d��!�}N2��1�T2�� =hXW��!�W)�AXeUE`@e� D�%>J��ǋ'UƏDyC5��c��G-��8��$�&��=�6H(��[4��2/܋�PjOf!R�[��M��d/��Ϳ�g+�B�bD9�r��M�*�aEs��yc��kt%b��+O��Շ�.��-wWdy|48c��N�b��GФT Ӫh%\��nM9� &RD a��w��=��1?#�J��n��|�!D(^$�%��f��޴Y�to��G0\r� �Z��WZ��a�M�G]��l�vW�h<4�BRk��^�d �ٜ4@�ȋ�Yڣ��s~T�ʌ�/��[�7E �� G&b��&�@��c)W�Y=B�x�`��Fi��3 ��c��Σ��U�ͼ�Db��<�� 5cs�MF}B��G��`��R�O��kg(u1�ډ� /�K,�`��)7�a*ex�T)�l��/f�&3��J�}��! �˓q��j.��8[Ｆ. �O�!��K�c�CK��H�At�2�H��E-<�4��r��M#/S��H�G?�o�޻c�7G��Aj��Ld2�WR8sL�Wh��r�-SV9�Q��5?��̽A� �hR�қ�I�rLOt� ��#��#�T��r�`��+Γ,��u=��ϒ˟��_Ñ�o>��w��fD8pR�yqyK��aF�� zǡT�4Hĉk1�$9�N�\D5�w��i��[�3:K�1Ŝ?��a�V��A�=R��س�.L;Q��0p�%`'��6M�h%�){�h;��Q�2�U�j�K3"��4��I�J�d��8OI��pl<d��֤ZQkE��2�=Si+�i��T ��X�9��l7��;�� J�2��Qg`��9�� z޳�� .�j0:�� T�vØ�H.4�[�K�)xd+��.@�~^�� ñ@��3hy�s(L�t��Bb�S#F��=��fXPS�il�䁺��rK~z��'��4��+1�2�fqtiݦ��h��Ь�&?�|�2�<�j=t�V"��p/�^!�v��ɜ�$T�9��a��*��7&˲�㉖-�i5-Դ�5��V�KB\��[4+L�~>��u��>I��d�$�J��X2-��eP8��eĎ�=`��ϵb� �J� ��Gc;߯8��C8�Z�29?-�z��7Q�6�=>Lf�泔��[�Y��N�Q�0�D�J5��,�$o@m��C1�,v�h��a�\IL��b��v��G��^{'��3�+�� Ϟou�tn"�T��.Lk�O(+�|Y��B'e�o�` S��'��-�ޣ��Q�п9PN��@��4��y-��n�E��N<��8�m�8;-1H噆!I�ө,��6p�۱�:�#)J��!�@��`��螫��a�e+y4�z@��8�d��ۯ��ls@0��<ݬ�U#qG�i��b�[��6��5�Ĥ9ΥKb"��|,pHG�C�dߊ��1�U�9��/WuNq�4��N�AK8�lD�,��W��A>x��2ٸa<�GJ;��<�g�*r��-�0�0�78�r��D�� a��-�j��|kM5'�{��Zԁ`��:h�0:��m@�`�-��(�q�$��[�]��5��.#�M�x�O��7@��j�p��}�g5N��qaST� ��dŊ�O�x2=��(�4��J��wt�p>�s�� ˺?��i��L3�v ��wK��ԣ��A��=;Gs&$� A��'�IK�D�d��e\��ҥ)N��K��4��b^]��F�|z� �>�sIs�N�8� U�O�:N�U!�г�p�ŗ�wڳ�wXS��nJM˜�Ԏ�m'��1��뿒9��vF�;�-� �Y^��~�y��d��~3c#��k��T��HR�xe��`�+��ۇ^ኛ2��Sɻ��+��#ת$��@٦�L�LS#��jx�T~�~�ϟm�X`��M��0�߹ �{N�I�Q�Z�y`Rt7��7��;nꯥ.eH ~�G�1Wȑ�Fp�G�}�_��v�{ݹ��洪�1XغJ��!�#lٳ\3�X, ԓ��da��E '��5D �Ƴ�W��|�� a�� ڌ�l;��I�z(��f�D��<*�_U ne��3�k�-K-��w�!,y�� F ��5��Vz��]�*��4��Q�,��ċZ\7]̶I�ū ��a�m��Zb��>��s6Ґ儘��@��a�䓯�e禈��TԂ��+�Y�1�Lcsxp�S��C*��T��^�!L��M��uq��hds��j�p�\W�9�{yl86#WGYF��u�F�֦��(貭��{5=�.җ�e�?B�j�'|:\��uH��N��N�1K<Y�p��D��#s�Wdw��,��`��P�1�K��8��F��6�#�z=*��v�m垯��b�KM6��B^ݙI��n5f0��.x�r-�J��h��wk�¡�Jb�YbVt]V��q��^ 4��T�5�c��*3 ��rinm?I�I��}HȻPܼ��B�u�>uD�G1d��>]孿7��y�fCho�u ��L�yJds�f�<C��ܟ��S=��~/n��<Kb��D,V

Sections

.text
Size: - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

624ede5bbca7afed89409ae5e5fce05a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 464KB

.rdata Size: - Virtual size: 1.9MB

.data Size: - Virtual size: 160KB

.rsrc0 Size: - Virtual size: 84KB

.rsrc Size: 72KB - Virtual size: 88KB

.vmp0 Size: - Virtual size: 340KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 2.5MB - Virtual size: 2.5MB

.text
Size: - Virtual size: 464KB

.rdata
Size: - Virtual size: 1.9MB

.data
Size: - Virtual size: 160KB

.rsrc0
Size: - Virtual size: 84KB

.rsrc
Size: 72KB - Virtual size: 88KB

.vmp0
Size: - Virtual size: 340KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 2.5MB - Virtual size: 2.5MB