844906208bda6417d663b5f5d51d20fd9b1488882fd9f45e19c35768867ea787

Sharing

Copy URL

Twitter E-mail

General

Target

844906208bda6417d663b5f5d51d20fd9b1488882fd9f45e19c35768867ea787
Size

2.4MB
MD5

b373503b3b94960652fa61a220a029ae
SHA1

5e1cd6cebbbdd6cde1bf4e467777a70e920408ca
SHA256

844906208bda6417d663b5f5d51d20fd9b1488882fd9f45e19c35768867ea787
SHA512

bd0a8b6bf31ae1b12f7ca2348a71c6d326d2ce4acfbd2d0d71ea7cca43ef13b7e8b21ca2bce350430f7006085844e335965de940ac46a707c21ce1e6f55da5d3
SSDEEP

49152:48TrfIQelNU5GY5/xLAlnVKAAo5/uF7CkuhqgJ7IdNzmGw5b7p03Hnv:BvfIOos/oY+YW7I/ob7e3n

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

844906208bda6417d663b5f5d51d20fd9b1488882fd9f45e19c35768867ea787
.exe windows x86

5184d4dcdb54c39dddc841d4367580fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetVersionExA
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

gdi32

ScaleWindowExtEx

winmm

midiStreamOut

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

OleIsCurrentClipboard

oleaut32

VariantInit

comctl32

ImageList_AddMasked

ws2_32

ioctlsocket

comdlg32

PrintDlgA

Exports

Exports

��~�C��>F �$/k��<LSq��0e��Q��7�HTB��[�f�5QR��m N�͙�48y��N�r�`$2 h��j�K�x~�MU}�Z�X�>�A�7�!�tg=��b�<=��X�'��m��1ȧ��e?f��R䉛^�4N��=��@0\^�ty��e�,P��G�j��+*�yF��V��h)ЎC$xĭ��nJ8q��T[+��<6:��Xs��`{f�+��bw�h[�A�Fo�� L�r�E��K��;!d��E��]�n�i-V�� ,�(��V\��QY��=o��o`�X��,�.6һb��@9��l��ٺwF�?,��y�{N��G"G��0s�SOX��gz�H+��3�z>�yW�#��r�P�Cy�7��W�揫�^��v�l�qO���K��t��G�n=�;o�-��T�ՃVI�xqYT��r�J�8��۪ߓGXJ�n��qQ ��(`�a{,�|�e�R��a��)5G�R�5~��Q`\��T>h_�|��x$/!|āYp�9f�1�\hV��2زt�}H��F��$�n�Tr�4^%�l��ž��K<��̉�@�*C^�+�u�QQ��}��͘[6=��A�7&��6��#dzf!��)Ց@q��ɛ��1RCQ ��z�Q�W:�5��f�AV�:N��;��~�k^�/R�o'��F��Cs��Tik[р ��jp@m+W%�[��p��jU�f��K�J�Jv�u��m�W5K�?2j��R�$ju b�Ȃ�� ir��U�0z��HP�c�j�+�{��a[��h��`�1��X�sb$� � ��4� ӿ�C�͛��+b��9�h�H��8M�2:�4��h @��ӂ6o��oD=�e%S4F죎�c��#�]�� $�-�͠:��G�� L��99��qؕ�,��j��oR�ᥕ4N;�f<��4ނhr��h��#㓉�>�̿�M �G��.+��If��x�Jy9(�k��ؙ��.^j�>��I��-�f�-`�]p��}��xs�kǝ � ]�)��*.x��p��Q�f��R��w��ܖ�<�د�_;ś� B�1"�y+��JMLj�J��餖#W��5l��p�ԔE��!��09ȺqC��j�G0��L��.>��-��E��j�� \K%ϚQ��`��^=�v��2� �:V;��|��#w"y��1�U��`��K�$nY��n�<?��3�� :�VJz�~)�6�ߧ�!U+y{[+=�;�1��]�[T��0�9��=Qn�_b��*ɗ]q��:��ݮ8[d;df�O�q T�� |'�[� ~��Q�� I��7O�o��ſ�GL/� �cI8��3\|�ԣ��-�ӈ��X� LL��s��̺�ż3cm��}��΋E<' �y�!{�.F��\ Xs�r�QZb��h�꬞(��\��n�J�b��:Z�EI|�DJ�s�o�IbR=��uc�i>i,�4��nw��g��%O��c�F��}��EDw:+��'�?��X"Ѧ� V��p��f��L5{�H�5�]*��&��\�6�P(��7��Z��C�1��9��A�x�FY��,c� ^B(B��o�Lv�z�Hf��#u�tDF�Y4�]LE<�� >��Ư��b��R�frg�R}��J� ��Md��~��l��W?��N��5�d��Ċ�?�^onrB݁��Q�hY�!h��\��1�Y<2�^ M��I�X�|÷�|Z1�قS;��_�#҇��Uh��g@B<bZ��]�"��~m3 ��G��8��{�u��-}t�P��.FKs��T��LMf��_��#l3��o�M�8HG��.�X ��(T@��j��fg�(��L��ݲǈ��R�O�^!��R=1�c�R��Є3��$-��#��R��-�w�"IL�RF%q�]�ȑE��?��]��l��i��-m�V!��L#�_2�� c9nR�b��p$��]kH}ْ�ʡ��ó��Vw�EB��f�A&�)��[9��ԓ�a��T��a>�5��Y��@�_��tS��ivӤzF��<�~�� qf�m!R)��%��\M�X��~�Ʈ��Z��_��{֘�{pI��،G4�AnI3 ��ɗ"��_��7��Q�`��3�{��$Er�n�q�E��Cx��o�C��J��,��M�Ɵ&�ߎ�x�� j"��O5�\��{�DRd`O�7m��5A��вSpt>-ơ �vl��-��\�$3��iP(��lP�e��-1�z�o3\��Ǝ�LB�&�IF^w�gB��T��@��yt0�G֎��W��h��dU]��mv^~�'��7'-m2�֗�E8 nY^Y�O_.��:��1��Ao��Ce.U?$G��X.9n��/U9��P�9K<`�?K�}�[h�1��)ܡR�.�ZRj]Š -��E�KTk��};!x;u��z��>��+3��G!zn Ѻ�)I��!4�6�0�`]qqC� �=��A�w��7��el_�o{��^�N^6�Z��S��*K1�x��u&/�XE3��]g�|"�7��cjf��D~��l5�mo�Q��Y��g}��N��Iw��/�J 4&j=V:��ǰ|�[��,z�Ѽ Z��=��׾��4@B�G�p�joJN��O ��cg�8��>�-�~��pa1�#v:i��JErH�F��1'6��ܒ��y�Mv��wLB\D[��P��ߥ��`� ��C�G�-0�A4Tu �Nee�Z��-�e��(�I�蹹��V�=,)0l

Sections

.text
Size: - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5184d4dcdb54c39dddc841d4367580fc

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 811KB

.rdata Size: - Virtual size: 161KB

.data Size: - Virtual size: 276KB

.vmp0 Size: - Virtual size: 1.8MB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 2.4MB - Virtual size: 2.4MB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: - Virtual size: 811KB

.rdata
Size: - Virtual size: 161KB

.data
Size: - Virtual size: 276KB

.vmp0
Size: - Virtual size: 1.8MB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 20KB - Virtual size: 19KB