8da9b13ae179949a6def23bfd7528a112fa02f91d31fe43b95e066a7b8ff76f1

Sharing

Copy URL

Twitter E-mail

General

Target

8da9b13ae179949a6def23bfd7528a112fa02f91d31fe43b95e066a7b8ff76f1
Size

3.1MB
MD5

cdc0de1fc2888cc97d8d01a7147170f5
SHA1

b06cfe573b320fc67aea51c0c8a9cdf2fe8c23c7
SHA256

8da9b13ae179949a6def23bfd7528a112fa02f91d31fe43b95e066a7b8ff76f1
SHA512

33d91ffc575e8c43477b7066a382087c38e41430c83f6af94e15f4158d9c4155fb2b9289d9769172c50a1907cc1ef425727ae9753cfe4028c4e0d8243b0dcb12
SSDEEP

49152:DGFljw8Gbws6c12E8209w9YxGGFQrLsglYQNf+2Vc69KxWpG4aqFMzXoYDj2mvM:Sb9Gv1+9MYYGKX2QNfdVZUxWgtOOM

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

8da9b13ae179949a6def23bfd7528a112fa02f91d31fe43b95e066a7b8ff76f1
.exe windows x86

2f79af22240fd648895acaeef684c936

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiOutPrepareHeader

ws2_32

recvfrom

rasapi32

RasGetConnectStatusA

kernel32

GetVersion
GetVersionExA
SetFilePointer
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetParent

gdi32

SetBkColor

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

RegisterTypeLi

comctl32

ord17

wininet

InternetCrackUrlA

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 918KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f79af22240fd648895acaeef684c936

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 918KB

.rdata Size: - Virtual size: 176KB

.data Size: - Virtual size: 394KB

.vmp0 Size: - Virtual size: 2.4MB

.vmp1 Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: - Virtual size: 918KB

.rdata
Size: - Virtual size: 176KB

.data
Size: - Virtual size: 394KB

.vmp0
Size: - Virtual size: 2.4MB

.vmp1
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 8KB - Virtual size: 6KB