f8f9557406ec264f63c0d8e02cf6c7a4f1771b5ac4e2ecb2d337b1407a4032ce

Sharing

Copy URL

Twitter E-mail

General

Target

f8f9557406ec264f63c0d8e02cf6c7a4f1771b5ac4e2ecb2d337b1407a4032ce
Size

1.4MB
MD5

c736898bac2d31432a142ad9c002c51b
SHA1

afe50b0bb711b3342d6f095e7fc7ca060e196781
SHA256

f8f9557406ec264f63c0d8e02cf6c7a4f1771b5ac4e2ecb2d337b1407a4032ce
SHA512

1f2d195e6ad967374185486c21d7df64d5801de7205de53db8742237e9ab29826901a5f323c938ca516f1eb04db4e9da14a80a09507ef6b2952b67422f50730a
SSDEEP

24576:Tbfgfplc+YEnwDvFwJ31vj3bmerKaMzD84Q8bkUHOIT7:TbfW7c9EnotwJ3xfmAKlbkls7

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

f8f9557406ec264f63c0d8e02cf6c7a4f1771b5ac4e2ecb2d337b1407a4032ce
.exe windows x86

b7cce2ccd4f4ef92f0e048513422e889

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetVersionExA
LeaveCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDesktopWindow

gdi32

SetPolyFillMode

winmm

waveOutGetNumDevs

winspool.drv

ClosePrinter

advapi32

RegCreateKeyA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

VariantClear

comctl32

ImageList_Read

ws2_32

recvfrom

comdlg32

GetSaveFileNameA

Exports

Exports

p�/��,�D�ٕ��e/<+�yWH�S@c�OW�d�H5�2=��6-�� w�Ԉ��,�_�~�/��A� �� dRǙ�C.��l!�1�5-��=C��U�E�y�n�� Ѕ��;܋�5.oi4t-��jUN��mP>�mj��y�R�� J�ٴ�G2 ��LIs�� ^Z'�9�g��U�0�½%��.s6��L�<�2�4��P�U��PfO{J�U*L�(�|�e��/�E�� q��@#"�2.=l�p��M>�s��z.^��a*�\2$��ڲe��\N��?l|�E�5�L�M�J�Ϩt��J8c��`�泪<��J�G��D��1�q�#��x�(�W%��|["�EkDv�BG��9p<H�7U��A��1��=~��%�T��dl[6�ǆ��s"�V��ܩ*�� _9O��*^�ۖ4vC3�l�j4͉1��fNՁ��bg�o~U&ܻ�}� V:��ۂ��"��RW�U��k0�E�"�3Q��l��,��;��w4mr+팽�W��Ƶ�N�+�,YU2G��T\S��@,`D��zj��!��2 ~[��VV�!{'�� 2{��)��*e��J~X��~��6��ϦG%��x�Z�*�a��Թ�nrc٦�d�Lw4��d-��}�&G��c�S�g�T1 i̽�wp�mY_��B,�;T��ޔ��Lml*��Ĩ b.$o��76wӉ;��d$L�?��s�aG�ܳ1׊0h�-@��)mW^��l�j�j!d�V�!gy #��9P��D9�7;O!��h�-��c��g��sF��'ä��wp!�Ph��kK�FpzJx-��^)��b�� a@��5��hdp�x��Qs�`��hp��3�"YC��:r[�ս6A��'�cG�[`.��6c�`�S_��RX�o7;�J��ۇ�/K��͋��e��X��Ņ.g�f��Q�Ȓ��0��3��f��Z!xz�1�r!��8(�f|��(!@wX��5v�V+��R�K�B�NE��}��1�ǟS�M�8��"T�Ob��E G��g͖{��J�u� �XFz��»��#$�]/G��Z@�:��fp<<{��a��~^��+�{1 ~��2�۩��/kyV��Qq�d��>��x;�?�� *�#`m�a2��pJ��ͻE�Z�a+�P�'ۏ�_i��$�>��:��J�6��e��!�Hk&l�GP]�=.��y�cF��ى�P�� O�G��h �ti~Q��ƌ�jK-c\��|_4H��e�M-��Lz��Q��R��'�`�^��k|�VcC�![��"�P�y!C�͕��pX��G�#\0�c�+.^�PB�i��[ah�0��!NJ �쩕,4ȇ'U�mA��]�H�``]�H �(�w��>��3�?� ݾ|�5�!̤��P�X�˖A��i�g2��-ց][YŚ��l�Kؒb`��B$��Q��u��^��3W\��|��S� S�Su��ã�K��E��>�Y�cNI�G��`B]0�3;��~��\�T�U��9BQ��7X�ݣ�Rٲ��mp�^��\8�M�8��_��Ã_��0��s��:c��|��A�1UPA��m[t�G�/��AnE_I]��CU��x )˺��NHN:��ލ��!n��FjSRL�&_��/��&<^��Ē�a-v̰��'�J��/�� W��n�SpƋ�d~,��ߔk�ϡ ��Q�q��<�5�TQ��u�)��Ԉ�z�E��v@ ��V�� tޙ�Ǽ�N��X��!�ؽttW�xgY6^ug��{��<��(��ѐ�o|yq�O��ի�KS�,MW��|;�9��P��e��PYh� �N�d��C}�h�IbM;��=��~��4 �DƔl?�Y�FJ�ѳ��XNr��H�CYՋ˾�r�VO�8c��Ӹ�5Hl�M�Gc��y��Fv��{cbX{G%��[X��$߃�b5�r�ZDuv}�i�s��ˣOo�G��괵�v��3��r��u�V%fR��|XxA��j�?��g�@�Y��yG�nN��'D^�!܁�� ~�G?�ɇbY�WAjŃ%�L�*��>n��^��Aw�[`̵BAY��}hHg$�f��£�$}qN("]$�UL��|��Kf�~��bF�2��L^>�� :�Й|ũw��d��ѥ ��ߔ ��p��<�u N�u��3��*&�S��e ��]�q|�3�K��<�嗙 ��T�`u�� u�ۆR�T�hr}Y �f �b_ ��1J��9��[�h�˲�pL|��&e �Ժ�7W��Y��[!�ڭ<5G;F�.{��-X��]��}zN��'�P7�-��,썛��c4q��{\�s^��]�f�p�_S�M{o��»�~��jL ��1%�㩣m��lػU��R��Y~�<��[z�z�I!O��Q8��(�HtUϨ�L��Nr&�t�*�&��M��={C$��x*��8��7d��^��,�f0��^��N��P_g�Mq��;<4��q;rO�s��!.��Y�0%�ƨYc�er��$o�_z /p�F�� RI��yƂxﲯ��7��+��1,L�� I��^�b��n��O�\�k4��S�H�y;��:'4�p5Y��ڤ�\�,��g�H˔j��"ө��Sc/ctJ�D�'+ds��Ipt3h�!�$$��J��2��f�y�;�u��m�A��rl�M,��KW��z~�Q�@+�,��T�W[�!J��Δ�Ȏ��n ��֜,2��A��4#�vM-�pSן&��d��%�3T�@��֢X��UO��u�V^r�"�&<�S�˓ �� ?

Sections

.text
Size: - Virtual size: 756KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7cce2ccd4f4ef92f0e048513422e889

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 756KB

.rdata Size: - Virtual size: 117KB

.data Size: - Virtual size: 194KB

.vmp0 Size: - Virtual size: 892KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: - Virtual size: 756KB

.rdata
Size: - Virtual size: 117KB

.data
Size: - Virtual size: 194KB

.vmp0
Size: - Virtual size: 892KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 12KB - Virtual size: 11KB