9b80a0cc515d60ac4b00d9bb4be21025bb7befda39be13d62172a8a3a72ba66d

Sharing

Copy URL

Twitter E-mail

General

Target

9b80a0cc515d60ac4b00d9bb4be21025bb7befda39be13d62172a8a3a72ba66d
Size

2.0MB
MD5

8b620f7b70cab1ece6ae613288fd88b9
SHA1

8ac0afa3e7204328a2e5e483d1b9934685e55d32
SHA256

9b80a0cc515d60ac4b00d9bb4be21025bb7befda39be13d62172a8a3a72ba66d
SHA512

47e8995ee18de0e3b43060db12a2e925e7791e61318303fc24ce2fc39aec5bba9a551b07cfc956dad388da91b777d5379854351e04adb300e5b600386a70c089
SSDEEP

49152:7dKzRTqdtEIoH+uLyhgCm5oOqI5oK/qAKti7IBf:pKzJqdtEIm3YgeOiAKi7IBf

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

9b80a0cc515d60ac4b00d9bb4be21025bb7befda39be13d62172a8a3a72ba66d
.exe windows x86

5b9d2e7d7d39459f1d551a0685b96262

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsRectEmpty

gdi32

SetDIBColorTable

msimg32

TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW

advapi32

RegDeleteValueW

shell32

SHGetFolderPathW

shlwapi

PathFileExistsW

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard

oleaut32

SysFreeString

version

VerQueryValueW

gdiplus

GdipDeleteFont

wsock32

gethostname

psapi

EnumProcesses

wininet

InternetReadFile

iphlpapi

SendARP

Sections

.text
Size: - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b9d2e7d7d39459f1d551a0685b96262

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

version

gdiplus

wsock32

psapi

wininet

iphlpapi

Sections

.text Size: - Virtual size: 433KB

.rdata Size: - Virtual size: 128KB

.data Size: - Virtual size: 29KB

.rsrc Size: 29KB - Virtual size: 1.0MB

.vmp0 Size: - Virtual size: 536KB

.vmp1 Size: 2.0MB - Virtual size: 2.0MB

.text
Size: - Virtual size: 433KB

.rdata
Size: - Virtual size: 128KB

.data
Size: - Virtual size: 29KB

.rsrc
Size: 29KB - Virtual size: 1.0MB

.vmp0
Size: - Virtual size: 536KB

.vmp1
Size: 2.0MB - Virtual size: 2.0MB