0ca03ca4890836be6ff2e4d8cbbca786aa5684c65398197de3584b7292ae4093

Sharing

Copy URL

Twitter E-mail

General

Target

0ca03ca4890836be6ff2e4d8cbbca786aa5684c65398197de3584b7292ae4093
Size

639KB
MD5

dd4fa1b64ab3c000a0b7711bbf0890fa
SHA1

b1c1190e9ebd17588514fd852fc20e71a05306a5
SHA256

0ca03ca4890836be6ff2e4d8cbbca786aa5684c65398197de3584b7292ae4093
SHA512

83d01cfe79db18c59acd9ca6e5ce44bc9b87a20d83d732446db89417a76645d86c106bbcedf08d255f132edd96093925a35a03f33ad05bb80c845a4f15258647
SSDEEP

12288:Inusk8WXp6zspnjm6jti8uSuiuLr+ussvSDmrd7ES6z1RkqeFVJcHS03UD:uk866zqi6jti8uS4+ussqDogS6zX4Fb3

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

0ca03ca4890836be6ff2e4d8cbbca786aa5684c65398197de3584b7292ae4093
.exe windows x86

fbd7936456cb90f93fb54b7fee88b9e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA

comctl32

InitCommonControls

comdlg32

GetOpenFileNameA

Exports

Exports

��K� S�Y��j:�x��+��yt��aՅ��C%��KK�cɡ ��=��7!e-D��epφ��Efvsճm�GL�'�Ӟ�JI�.�zHo�� L�~vҎ�4��0��)��<�^gǂ�q��ک*�Y��|��),�z��O�1v�՜КJ4V�-I��2�+h�LW��;�$��n��x(N�1e��h�k��_��j��>y��@��7�p�)�n�uອ B��ᔧy��_$��]��f�k:\T�� ;y_��~��XZ?�,��B�+14N\F��cݛT��mׁVA!�op�xG�Yy�{��x�ay��AėV-�?D�8��w"��z�n��p+�FǪ29[9puWL��)��&@5zrb�9��2�%�;�O�Ɩ)F� ��V�8�`� �;7��peܛ¨5;�W��e��wr̎�cIjw/I�~��71�O�2�T��54�)�q��b��}N�F{f��%W��Q�े j �Z(��Ԯ:��s�Ď��LR�Ɗ�2 ɭT�g� ��x��,L��Y��*��S��A��ϟ��9X1h7�?<�m�o|��ɡ�)[�lc��y�� |��:�[�iL7�!$��,EZ�+ץ^ �1c˸�"�(��ü'h��f�n��~+~��p �]�A�40Ǟ�ɷ�L%6��R��:��5_��d��!�Iub�^�F�?=��g�9��1�Z/��@"1�b�@�t��FxOS��A �K�Gކ�&dy�5��]r��Qq�� `�;��s��<k�4�'{�� e*�� 3�q�A�4T��Tw��0=�c�Y��ǌ\dv� S�wc��=�p��9/� ��\�^�Z�`9��Bs��y� ��5r��ot�q��.��M�� 8hj�L�{�5�4�=��Ƞ֏��;޻�-H&T��pB��7��8?l��#��j>�ʉ��vs�;I,��M��d��&Yd3R�.9� �(ˈ�(��P��kʯ�h��`>�U��n�%K��)��t��4tgљO�q�ю��B}l�9�2�0B �eV � �=�b3�V�O��Aj�G�mq��73��y��C��!��9�OƳ�݅��,p%&�F��/�N�-�}��6�4r�x��r�<�B��Z"��B:�-;�]o3��;��ʇ�,+% ��y�U��@��QM�X3߉��yw�h��fl��mq9w�1�Ě�O�o&�a[k!֏�[60�O&�b�u#ܣ��0��A�ڝ��\!��re_��k�\�ғaEt��}��gǕ�ݪOg=ͽEf�?"3@7)�&d�^<�Z3��d��L��g��'�Fk19P�E�ϞT��ENFL��1*��]��VbH�ip�?�=��l�A"��E�r/��vϨ}�D��]�k�6C��{�⧦�=�>�]�� .l� �j�$U��l��xe� � �;(�� ;0Ejh��L}9�Wyj��M�!��5��V%�-��Fۋ��*U�@��G�aH�Y��{7�tf�6$�k�ą��E=6��,�7P��a�}'��~f�{�aޫ��!wΑ_��RW��j��Nj��rL�6K��a��b�b<>Vje�֞��N�?�{Nm+Q�OGu��Q2�c��p��3�Z�o\��x��ǌl��̼9�=��h��%� ��|�5�)��S|��=h0��Ɓ��e��^�?6Ϲ�O��1��/�⾊��AG�W�8d� �=+U��V�ey-�v� ��|�3�� 3�M�'��u�,�:�l�� P��7˼�?6-D3tƇ��M��Z�.�c�ʪ�y��f<��5G�y[�#�;!�iXz�]nr0t��0u��b�*��J�ݖ�oW��#ZP�T�}�J��dҜ�c��}��̮u��;�e�M�V�Xc\��<��c%�J`J��!L=Wf�q��N>��8�'��岒5��9��tS�wyi��X�4�[4��I��2>�YS!^'�Q�b"c��&�Mc�V1Sjd��p:��B.!ј�#v��a��J�O+d.d5̥�#Sy@��c>n1�E�#�t��9z��r��u8�j�U��!f�Iu<�v�9�V��JO��}�[ t�z�� &w<�xT%��`r$��;��솥?�<��1�i��q�M1�ډI^l3�l�N�GX�o|�.�V@W9�M�~��[�0^�p.pQ�`�C��N��|4�j{�� yH�l�3��coN.��qp�8�c��f��ĺ�W��fT��-��0��[��5��wyx�8�e_O[4ו��b��n��9pu��g<;z?]uO,8�S26��h�x��L��v�vK��Q��~�_.�2U{�Ւ��-\|��S��"��mlle,��:�B5��L�g�J��&��Y��Fkb(��I'\�⊓I��z¹�eHm�2� S��s�A��z��(��E�D)�%v�;|i�/sAo��u�_�̪��3ź��y� +�7a��:/=ݻF:�O��R��q��?�3p�M��U!��=�ҩ�b��V�pC��8X ��릥0�0��c�k��qe��3��ʸMz�g<��D��wq��Z`X��.B��q*�[�˘j�M<ś�9)�N ��N"aY䨜qC�u�I�/=��CD#��O�o��ʾ��%��}b�y�b+@q��Odt"��σ�*��#gE��ΰ��rѮ|�Ñt�l[�X��W �:��wr�T�͟Zq�6lDRj�X��Xխ��a�`.��Bξ�E��~�� ~A~P�&E>m��;X��Ef#� Pk��N�rd�s�孆0��Z߱

Sections

Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 624KB - Virtual size: 623KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbd7936456cb90f93fb54b7fee88b9e5

Headers

File Characteristics

Imports

kernel32

user32

comctl32

comdlg32

Exports

Exports

Sections

Size: - Virtual size: 24KB

Size: - Virtual size: 8KB

.vmp0 Size: - Virtual size: 10KB

CODE Size: - Virtual size: 512B

.vmp1 Size: - Virtual size: 550KB

.tls Size: 512B - Virtual size: 24B

.vmp2 Size: 624KB - Virtual size: 623KB

.rsrc Size: 10KB - Virtual size: 10KB

.vmp0
Size: - Virtual size: 10KB

CODE
Size: - Virtual size: 512B

.vmp1
Size: - Virtual size: 550KB

.tls
Size: 512B - Virtual size: 24B

.vmp2
Size: 624KB - Virtual size: 623KB

.rsrc
Size: 10KB - Virtual size: 10KB