b6035f7aa7ef960e4738fc8801641411b69d5b6a730c55531873c0e4028d48d9

Sharing

Copy URL Twitter E-mail

General

Target

b6035f7aa7ef960e4738fc8801641411b69d5b6a730c55531873c0e4028d48d9
Size

864KB
MD5

c269e8b14370d0e5a317c8f6c60d41c0
SHA1

eac20712c356d0b3fad25b26ff9eed3698de6c72
SHA256

b6035f7aa7ef960e4738fc8801641411b69d5b6a730c55531873c0e4028d48d9
SHA512

94e5b4c1d32604585307ac69f08dd993247224f0757ec455c2d5e1d7eb2ed1e4b00fa0d13b73c992d52a074d2f2e67ad7be4a9ea6218365d92fa6ef826ec73b3
SSDEEP

24576:2ZCEGMjbeHrASZj/ok1Uz4eYZHPHY7KGuWqLwBFFMoJkVwr:2NfmASuk1UIP4TBFuoOVwr

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

b6035f7aa7ef960e4738fc8801641411b69d5b6a730c55531873c0e4028d48d9
.exe windows x86

8c91792eb2ab0d0b1791f78ed6c16a09

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiOutReset

ws2_32

select

rasapi32

RasGetConnectStatusA

kernel32

GetFileSize
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostMessageA

gdi32

SetStretchBltMode

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

CoFreeUnusedLibraries

oleaut32

SafeArrayUnaccessData

comctl32

ord17

oledlg

ord8

wininet

InternetOpenA

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 848KB - Virtual size: 846KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8c91792eb2ab0d0b1791f78ed6c16a09

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 527KB

.rdata Size: - Virtual size: 198KB

.data Size: - Virtual size: 224KB

.rsrc Size: 8KB - Virtual size: 21KB

.vmp0 Size: - Virtual size: 401KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 848KB - Virtual size: 846KB

.text
Size: - Virtual size: 527KB

.rdata
Size: - Virtual size: 198KB

.data
Size: - Virtual size: 224KB

.rsrc
Size: 8KB - Virtual size: 21KB

.vmp0
Size: - Virtual size: 401KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 848KB - Virtual size: 846KB