6e7d2668425ff36ae9acc5086464fe0e43b75f739e6dad8b50637f74b76eb512

Sharing

Copy URL

Twitter E-mail

General

Target

6e7d2668425ff36ae9acc5086464fe0e43b75f739e6dad8b50637f74b76eb512
Size

1.3MB
MD5

e0c9866574716c189452909a57705a64
SHA1

5c362f29398fca8655a44c68178d1e5c7fe055fd
SHA256

6e7d2668425ff36ae9acc5086464fe0e43b75f739e6dad8b50637f74b76eb512
SHA512

7096103f01ab6e289898adf640b7e8edd83371e9313f1909e444e5244817342e522b213326e2c511050ecb7acbd9385669dbbf5bf0c0ff0a6dc2a14aaba18519
SSDEEP

24576:D7ZU9kI0yRzQRW3OeEaKwSfpcUJAnlpxLdeEZ0am9RFYjMictq+paZTxi:/ZU9r9RzQMTEaKrpceAfbeG0amKjUr84

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

6e7d2668425ff36ae9acc5086464fe0e43b75f739e6dad8b50637f74b76eb512
.dll windows x86

dc02d6a11096a5d0d2d6a7e6771ed718

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CallWindowProcA

gdi32

SetWindowExtEx

ws2_32

WSACleanup

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

wininet

HttpOpenRequestA

rasapi32

RasGetConnectStatusA

Exports

Exports

GetOutTime
MessyCode
RegisterPlugin
SuperProtect

Sections

.text
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 960KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc02d6a11096a5d0d2d6a7e6771ed718

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

winspool.drv

advapi32

shell32

comctl32

wininet

rasapi32

Exports

Exports

Sections

.text Size: - Virtual size: 146KB

.rdata Size: - Virtual size: 22KB

.data Size: - Virtual size: 960KB

.vmp0 Size: - Virtual size: 512KB

.vmp1 Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 4KB - Virtual size: 240B

.rsrc Size: 4KB - Virtual size: 720B

.text
Size: - Virtual size: 146KB

.rdata
Size: - Virtual size: 22KB

.data
Size: - Virtual size: 960KB

.vmp0
Size: - Virtual size: 512KB

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 4KB - Virtual size: 240B

.rsrc
Size: 4KB - Virtual size: 720B