7d00f843ff9bee3803b1cc225bef580ac9b8df7c4f9b29fe8fcf1d2e2e778635

Sharing

Copy URL

Twitter E-mail

General

Target

7d00f843ff9bee3803b1cc225bef580ac9b8df7c4f9b29fe8fcf1d2e2e778635
Size

952KB
MD5

c8ccf573777e326b680e4f60614c5f64
SHA1

d956e1efc8adbda8cb98329f448962f7d5ae91e3
SHA256

7d00f843ff9bee3803b1cc225bef580ac9b8df7c4f9b29fe8fcf1d2e2e778635
SHA512

b142a2e94381ce14a4cfd322eb8b5c51253a551e7392417f731eb018775754b2ed1f81f676634ced17d621a69e3b41c3a90efc97cd1d8dd3654e132d5e7605e4
SSDEEP

12288:lCsChjAZx3bfwVIEjVDwJubINFgqXkvljRnYkxQ/vtbmIbllCVyDDQAamhbW:lrXyjBwJubINFgq+Rnc1bTblMVs7hq

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

7d00f843ff9bee3803b1cc225bef580ac9b8df7c4f9b29fe8fcf1d2e2e778635
.exe windows x86

15bde712e82ba4b77fdbbe6140b1a7ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

CheckSumMappedFile

kernel32

TlsAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics

gdi32

SetBkMode

ntdll

NtQuerySystemInformation

msvcrt

fgets

advapi32

RegDeleteKeyA

ole32

CoInitializeSecurity

oleaut32

VariantClear

urlmon

URLDownloadToFileW

psapi

GetModuleBaseNameW

ws2_32

connect

Sections

.text
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 857KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 837KB - Virtual size: 837KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15bde712e82ba4b77fdbbe6140b1a7ac

Headers

DLL Characteristics

File Characteristics

Imports

imagehlp

kernel32

user32

gdi32

ntdll

msvcrt

advapi32

ole32

oleaut32

urlmon

psapi

ws2_32

Sections

.text Size: - Virtual size: 40KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 2.0MB

.vmp0 Size: - Virtual size: 857KB

.vmp1 Size: 837KB - Virtual size: 837KB

.reloc Size: 512B - Virtual size: 268B

.rsrc Size: 113KB - Virtual size: 112KB

.text
Size: - Virtual size: 40KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 2.0MB

.vmp0
Size: - Virtual size: 857KB

.vmp1
Size: 837KB - Virtual size: 837KB

.reloc
Size: 512B - Virtual size: 268B

.rsrc
Size: 113KB - Virtual size: 112KB