1307236c161f13d553ee7f966f3b62c1ccdb818cc25ccaf511e2af7262be179b

Sharing

Copy URL

Twitter E-mail

General

Target

1307236c161f13d553ee7f966f3b62c1ccdb818cc25ccaf511e2af7262be179b
Size

1.4MB
MD5

04465c4fb49d06f649cd0973c55c047e
SHA1

d2b9ba5c0af9eeb684240d7ed8b5e6cba19fd1a0
SHA256

1307236c161f13d553ee7f966f3b62c1ccdb818cc25ccaf511e2af7262be179b
SHA512

d0531a2ee353bf34f3438722f97d16a6c97ffcb9856ef9b2aac4d54cda43de231764d2e76655f1d2cbbf5aeb23167fdebd3089901c09a1a84a80c66700c1bf2f
SSDEEP

24576:9HZa8tmIbJMpjISWPooCdbB4SqJ0eOqQc/1g++Sf3Jx7QCKzWqFrKPmQ:TAISWPO/qPQcSSf5xkblpGm

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

1307236c161f13d553ee7f966f3b62c1ccdb818cc25ccaf511e2af7262be179b
.exe windows x86

9a9814e537a389ddafce9572ceac06dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

kernel32

FindResourceExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ShowWindow

gdi32

GetSystemPaletteEntries

winmm

waveOutPrepareHeader

winspool.drv

ClosePrinter

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

CoRegisterMessageFilter

oleaut32

VariantClear

comctl32

ord17

oledlg

ord8

ws2_32

recvfrom

wininet

HttpSendRequestA

comdlg32

GetOpenFileNameA

Sections

.text
Size: - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a9814e537a389ddafce9572ceac06dd

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

wininet

comdlg32

Sections

.text Size: - Virtual size: 480KB

.rdata Size: - Virtual size: 278KB

.data Size: - Virtual size: 174KB

.vmp0 Size: - Virtual size: 817KB

.vmp1 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 72KB - Virtual size: 68KB

.text
Size: - Virtual size: 480KB

.rdata
Size: - Virtual size: 278KB

.data
Size: - Virtual size: 174KB

.vmp0
Size: - Virtual size: 817KB

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 72KB - Virtual size: 68KB