21b7cd961632a727c2adaba0a06b357fa041f23d2b91c549918de2d99fa5c611

Sharing

Copy URL

Twitter E-mail

General

Target

21b7cd961632a727c2adaba0a06b357fa041f23d2b91c549918de2d99fa5c611
Size

1.9MB
MD5

923997a13c3aa77f8963853fb42e1e3b
SHA1

0cf8e502cb79b61adc9ba066864d086716772df2
SHA256

21b7cd961632a727c2adaba0a06b357fa041f23d2b91c549918de2d99fa5c611
SHA512

bbba8f8534e1e622e823e3490616d1b949a20acf65841fd09337dd8b9b85c9f2383126eb9bd10c2bb72357f9e086be657c4bef4c58098865a078d52f487fb8e1
SSDEEP

49152:bHUKIdZ3Xv/fi6py/PAfzHZbL09AuoCNEDP4GauEvPn:lIP/vpSqdL0KRYcP4OUn

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

21b7cd961632a727c2adaba0a06b357fa041f23d2b91c549918de2d99fa5c611
.dll windows x86

937fbe41bf839c3aca01bdea09aab3d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MoveWindow

gdi32

GetDeviceCaps

comdlg32

GetSaveFileNameA

winspool.drv

DocumentPropertiesA

advapi32

RegCloseKey

comctl32

ord17

ole32

CoUninitialize

oleaut32

SysAllocString

psapi

GetModuleBaseNameA

ws2_32

accept

winmm

sndPlaySoundA

Exports

Exports

� 䩎Aeʷ�z��g��wo��$��k�_H�_Ao��j�+ӄ*��#M �@ {Y�n�B�X ��Ȯ$yc,9��v��T�Y�6b>��S�mȱzXY��%�,�&�J5%*�I��orgY-o��=��W�^�!�6��Meo=e͕s�|�T��*�R��H-�`��H�Jb({��<6�s�v�;$�A��{��E��1j6��'�{Y��d=�#�2I��P��J��Q�Ԓ��=��a+{ ��\h��4M5��:�9)�}��x��f�ن�8��u��4��г�pKЙ9tM� ��fH��ݽ��@1�:�:r��:j��$��0N��M~u�@�a��s�C��1B�i1չ�w)%�lpG� �!� ��*�O�B@{�3��N�.q�+��ԀM?��B=�6 �O��l+g��6��QD��uHb򬦬�Y�.��F ҫ}~Fp��B��j��г�W��}��̐�5Vmd�ۣ;�Б��@!�؂�fQ%�I�y6��z��Ա��ڢ��Y{��fƸ2�P!{hW�_��GZlC�u�p��Q>O�r��X!�d@�T-�G��b��Q��޼�:ZRh%]��ZG"��jə�ؘr�F��G �w�B�W��oh�J��XոX�1!Xݹ�c�4|��K�4z��B��tb4~ ��*=�/�^��"� )}gG��P��`�a�Ⰶwz aH��f3�[�q;�'�|ϧ�&��&�pFǫ��+��?�8h��9R��hc�:�x�l{Ϋoy�\�,��O�p�MO't'��K�p�� 1��ۇܣ~u�H��u�A��`��M�GlU�])�o�6%|��v�T�$�@V��H��0��H#UO�ʡ~=�t�mbX�'�ƍynb�'�K:��'��=#��>��sU{�l��6�Y��N�T'eh��R��m�"~��L�E��j=Ľ�Aa�Y�{ġ k{�"� S�4�|��-�P�2H��k� ɯ[j��M�Y*��2�BY�C��VW�4��X��x~��EMt��~��q%dB ��}72Ä��u�S/��[�Ĝ0�1N��)�ʼ<rޒ3�y �GW��,�� װh��/��9�;] ��Ͻ��Cӳ~>!�< �K�D��^Q"^�X��\�|�2 ��M)Z�u5��8rtȟ9��M��x&�1~ܦ �� pq��<�8(��ӿ�)U��.�Po*W��cO?��SX�4��M�Y��Ǩ��o�1��qp�To<�堸�.R铁��u�G�X(J9ᜩM-��,�M0o�cF|;��+��à_��`�pr$*i��Ǧ��ȼ��&�{px-@��&��I̡�x.l��|qPI��WoC��k��Ƣ�㮝�j�d��Q-��~~A(��OL�l�i�թ�'F6��TŨ8�2�,>�#(,�u��o�6��o��'l��`Y��p��b)֩��䱻(�$ɍ�B�mN��v�<��g�A��-aVMz�k��ct�eiA��U��+*Z2-��I�STZ胣R��t��3��a�ɽşn&�Z�Lf�0)q��i��|3y%?��r��{��4Ô��@j�0��S--��m��H��L"VrvT��W"�B<��S��8�zvb��9��\��a5KW��Т9��d1ָE��B�!��V��ĚBk\�C~�d+��V��]�,u� �nfg�(�4�NV��c�q�zv�8��!֚ʳ�R[��v��9¹��'y�l+A��'0�x]:QK��*ߩ�,|��}ț��,��[��kV��i��T�"��u��2By��0�-��)��ͫ��@rP:y��襱[��\u��N��#m�[fvbd�a��_��(;4��QG��;�Ve<�}��nc�Ī�AJ��VT�^�x�y_�_��G�()�eɥʳ��c��}U�dв�H�Ww�1 ߶<�.8w�)��u<j�M�匲!��~��)��Z��f��^��C�2p,��ll��$��'w�3�=��)5�S��5/�J��}4Ʃ�ȁ~o-6S��H�/ϋN=D#Ң�f��p�mp�x�)� �'��k��&�p��\VrsvP��T�.�e��n:�g�P/��6��7��%�1�rI+1��A�cZγ�0îW�V:w�gս��֠%U��qQ�8��}r@��%�}]%hpk;-��pB&J}�j��o�v*8g?�/؀Ƶ��~ � R�"�_ŵU��'��zP$Ҏw��Z{��[�nI��<~9L!�N��xRG?��y�;k��C)��:�6̥a,�?'J�6�'�Y�F�8?�c"1��H��H�E��}�p��ڎx��/�;n߷��Y�$w�r�U��SK��q�$j��m��]Nͣ�HJt�>o�m��]�uCBhqC��$��.8S�O�L x�,�u59�εy��{�o ��N��@�?�� Gy'��~��(ǧ��9h,��^~�Q�eTK��y��n$�y��+:d_�Ong4�I��9Ó�~a��ﺛ��G|��W�@z��q��lo�0t� ��$�8I��Q�ע�! ��Wv4�cHC�Pi�'n��iRP��c��汨�d�u!�Q;��+G��[&x ��*�9ja�;��h��p��m�X��!�d�=_"8��%P��6"B� �f��W�QB ��v��I*l��<t�S��L��3�(�V�B e(G�C�E=�?�u�,pW�LT,��SZT��W�@/��?j��:� ��e�S�w ��8��sC��p��B[m�A��#(U��

Sections

.text
Size: - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

937fbe41bf839c3aca01bdea09aab3d0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

ole32

oleaut32

psapi

ws2_32

winmm

Exports

Exports

Sections

.text Size: - Virtual size: 499KB

.rdata Size: - Virtual size: 89KB

.data Size: - Virtual size: 328KB

.rsrc Size: 8KB - Virtual size: 160KB

.vmp0 Size: - Virtual size: 73KB

.vmp1 Size: - Virtual size: 1.6MB

.tls Size: 4KB - Virtual size: 24B

.vmp2 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 4KB - Virtual size: 232B

.text
Size: - Virtual size: 499KB

.rdata
Size: - Virtual size: 89KB

.data
Size: - Virtual size: 328KB

.rsrc
Size: 8KB - Virtual size: 160KB

.vmp0
Size: - Virtual size: 73KB

.vmp1
Size: - Virtual size: 1.6MB

.tls
Size: 4KB - Virtual size: 24B

.vmp2
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 4KB - Virtual size: 232B