8de105771e5779ae9121f7cad873cdbf4df9dc5c609d81b121239b9271c007ff

Sharing

Copy URL

Twitter E-mail

General

Target

8de105771e5779ae9121f7cad873cdbf4df9dc5c609d81b121239b9271c007ff
Size

725KB
MD5

a7c949ddd028f01f2a0ed3f282da4301
SHA1

6d109cf2cdf680308a351c8452b04778841cef79
SHA256

8de105771e5779ae9121f7cad873cdbf4df9dc5c609d81b121239b9271c007ff
SHA512

6ddcd3ffa5cb47cc2976f7b9c5275724e55c0a58dfb3929384b34cc3fa73e01f158b5e65c89276895eee3fbd2e95502f4794ba67f9d1c07f9b17179ce32f856a
SSDEEP

12288:QYV2TIO4zmHlccqhILjmZLBr8tVWBr3ts1E:B209mHycNSLBx8

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

8de105771e5779ae9121f7cad873cdbf4df9dc5c609d81b121239b9271c007ff
.exe windows x86

6acf6ae20b385e1f1ca76d0ff79be464

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey

kernel32

WaitForSingleObject
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

realloc

shell32

ShellExecuteA

user32

GetInputState

Sections

.!rc!
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ChW8avWh
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

OZNFY7Rg
Size: - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IHJ3KUI5
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0ICFj14c
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AoRE
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 563KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6acf6ae20b385e1f1ca76d0ff79be464

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

Sections

.!rc! Size: - Virtual size: 176KB

ChW8avWh Size: - Virtual size: 4KB

OZNFY7Rg Size: - Virtual size: 304KB

IHJ3KUI5 Size: - Virtual size: 4KB

0ICFj14c Size: - Virtual size: 24KB

.AoRE Size: - Virtual size: 2KB

.rsrc Size: 160KB - Virtual size: 279KB

.vmp0 Size: - Virtual size: 50KB

.vmp1 Size: 563KB - Virtual size: 563KB

.!rc!
Size: - Virtual size: 176KB

ChW8avWh
Size: - Virtual size: 4KB

OZNFY7Rg
Size: - Virtual size: 304KB

IHJ3KUI5
Size: - Virtual size: 4KB

0ICFj14c
Size: - Virtual size: 24KB

.AoRE
Size: - Virtual size: 2KB

.rsrc
Size: 160KB - Virtual size: 279KB

.vmp0
Size: - Virtual size: 50KB

.vmp1
Size: 563KB - Virtual size: 563KB