3b95c4e6569b6c804e078c168980e9c6b4c5b3c82f6e4002ca669e9f6a47d050

Sharing

Copy URL

Twitter E-mail

General

Target

3b95c4e6569b6c804e078c168980e9c6b4c5b3c82f6e4002ca669e9f6a47d050
Size

1.5MB
MD5

31902771821af1e24e99f31856bf5b5f
SHA1

f41cf5bff6683f12bb07ed28619e4a1f10495ca2
SHA256

3b95c4e6569b6c804e078c168980e9c6b4c5b3c82f6e4002ca669e9f6a47d050
SHA512

56e0f6cf1e0fa181b741dc5b2f7d89469c061d3640c9d606c2d7fda5a52004b5258a16d0faa105731e969c9e000ed02194b85c83aab7ea4d93d881e435f83099
SSDEEP

24576:LWF63MX3Crq1GD+DO5Qk8FWplWwXYGsCE3Q087xzZUbvbjivLykh4PviClV+/qe2:CFsp+1GDF/84lWwXqYNzwvXk9hBoV+/0

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

3b95c4e6569b6c804e078c168980e9c6b4c5b3c82f6e4002ca669e9f6a47d050
.dll windows x86

e34023be2097a147c5220cd670e91fd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
WriteConsoleW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsWindow

gdi32

SetTextColor

version

GetFileVersionInfoSizeA

winmm

sndPlaySoundA

advapi32

RegQueryInfoKeyA

ole32

CoGetClassObject

shell32

Shell_NotifyIconA

oleaut32

DispCallFunc

Exports

Exports

��ZRb̊�� ¡�Ȉ��(-�H ��<K��y'�ѽ� n�:! ��e�jBu߉,��KK~,?;��~2��kZ��>��v�ML��,fxő+�-�z��MU�)��H쀪��.ݻ��Ⓡm�t�� qA��$�L�h�-��^��kt�S��p9k��vB֤ɏ?�$��x�T$T�� ,��ӂ#��6��ŏ}��2��Pt�b�&��U�T-��a��`�r�5g��Ȯd�jU�e�:>�J�*��ع��ß��F�/:w��f'W)+�I26po��6�� 9 K�T��M ��|noͨ��PW��ZJD=��)G��OVK�b�<N��CS��a��~�`�CƺC�:8��u�,�;�D_(K�FE�Y�v� -{��*{��7os��S��r>�3(Bk�8k��5ـ��괝!��8��n��`)>7g�o�ו-�$��܍.Q��ƍ�KPm��U7��vW��+)�2;��]n \�]9͡�b&��/Ҭ�^: �l�K�Z`9� ��I��]+ʇC#T, ;�<�@��O�]�3��'��K3��q�'kN"͋vA��dt̓��W��f��,+��@�T)b�ɘc��8y+��%�%/��I��U��)6T� �� ʎ��A��s<�U'g��{��p��j��'��!j��l�G��Seg��ٲ�ó�ǜ�W��Ex{�[�KB�J��J��"�u�x�y!��C=a��2,W䡬�b�F2YaL�1$��h� ��@��,_�w�ZF-�<q�=�k�.��t�,��'p�$��r#��4�M��nn�r;|��V��)�g��S8��OY�-<�B�O�ݲe_�n��}Е$o��R%}0>�$�Ŋ��|z�:z��(T��ǝE��ژ�6 =e��dM@��%Lc��.��tLV�8p��R��+UdG�Ce��N�ACĢ�F�xG�� p��F;�h�@� ��A�gY٫��Qi��O��b�Wj)��,�Y�1��uC�2J��$\*/��x�^}�-��ă2�(?�v�L��c��'3��=�mWGUebޒi(Ӳ��JZ5~>�9Q�׸@��q��͛qR�#��l�y5�j 羋�Bv�(��M�{b0�;��$�o�� :��g�A/J0\!Y��U ƵBlș��@#ֽ��{TeM��Ll~�>dAP�v�>]�;O2�y��Ir��*~��v��_ۇ��ܼξ&ڽ'"+wj�]ݍ��A��B݋��%��J�+�4n��+͠?^�`��A-��򿕵 �TO�ݡ��bYu��(��A��B*\�!T��W�� Ҽu�3��f2��퇦š��ᚕ�6[��hǷ�z�v��H�Y(D�{6��1:x�t>Upb� ^znC�=J�W)�*n��KT�)z 6� ]��{�b誠�k�1x�np��L��ߕ��M4��R��"�ۏ �"�e�{{PS��M,ϙ��U�� '~�O�7�RV��lוP�ɲ��zX2Ͳ��r�J�w��̕3r�/��NK�_��b~v|��t k��[��}��h�Gߒ��M�$\ o�<#��i��:G��t��p�<K��5��o�lOV!��yg)8X��]�Yӆ{^ӝM84�V�w<Q�Mb��4�!�?,��G;�22U��Y{��.�JW�e�;>��W�v�L�^)�>�� q��F�!+�/��z��X��ڳ�L~�<��Q�H��P�aV�� U�J=f�1��M�m3�m̖Tf��/��o�Y�g��ī��8�� 8�.ǀ�z�^�~�ğ(�J*��]>�� |=�z�e��f��&��2�Ԡ-�Eu��{T�d�(E�� %UyZ�lT��p.wpxZCf?��W��I�`�\�߿S6* ��<TJŰȜFх��.��3�2�c�_'(�]�8{��h� �� C�Kz<�G�S,q��J{/��>$D*�{Q�3�:��@Z��7��'$|��R�y��7�K�.�w��̸�>��$.lZcdWEZ�;��4�vi��`��w�Pݷ=Ӥp��E��Q]@�� @��G��}�z�G�4��/=0 �I+!�d�N@0�B#��Oz�)X^p��J|�R��*��pb��Ks��J'��8G*e� +�h�&7a]�Tb��O�]��i6g#7b��J_�-|�� {Lu��wf�ӓ@z��sq��)��TIK�>秏��d�f��eV�#o+r~�5��e� �{��1�B�*9@&"�DUo(��-l8�T�Ty��vG��k�bRE�%*�`��5�`�,�awH�JI��_��/��T4�7�O��$�)�DL;�`�V��ww̪b�af��V�lץ�~�7�/͍�8|X�G�B`��r�RML�2��h�~��Ow31��X�FLw�/��"�_�j:� ��`&��ھ��q͉��T�e��wĐ��w��N�a2$�φ��?��9�,8�; ��OUGO�]��@Ի�_��-��Q��]:z)�� t l��*��z�Sͭ՝Z�7aȀ.ݡ��5��Bc�糼:��Q��\��T��(�T�{��B��J��;�7�l�D��#V�-�2|eGK��j��OE��ߛ��E��C�yyE��X'��O��sF�V�LV�sSXq;Fci5�R�.�%gi,��~L7!�:Q:��0��X\��3A5q�!��^��M��+k�8=��!�I��댖1�qf��S��U��

Sections

.text
Size: - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e34023be2097a147c5220cd670e91fd9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

version

winmm

advapi32

ole32

shell32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 219KB

.rdata Size: - Virtual size: 48KB

.data Size: - Virtual size: 59KB

.vmp0 Size: - Virtual size: 1.2MB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 512B - Virtual size: 272B

.rsrc Size: 2KB - Virtual size: 19KB

.text
Size: - Virtual size: 219KB

.rdata
Size: - Virtual size: 48KB

.data
Size: - Virtual size: 59KB

.vmp0
Size: - Virtual size: 1.2MB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 512B - Virtual size: 272B

.rsrc
Size: 2KB - Virtual size: 19KB