9dd02c3a418aa05258309970db8b66f40a49a5a08d6dad0e649daaf63f474cb4

Sharing

Copy URL Twitter E-mail

General

Target

9dd02c3a418aa05258309970db8b66f40a49a5a08d6dad0e649daaf63f474cb4
Size

688KB
MD5

5bd9dfd2eedd143a341ac98a57f755ea
SHA1

4a9b5800dc7e5ea3dedaebe6aa7d2a34299c1c20
SHA256

9dd02c3a418aa05258309970db8b66f40a49a5a08d6dad0e649daaf63f474cb4
SHA512

6a9a5a0130157458e8f30bbd432b89d2611fd3d41c7119639ac0daf723f3c5a138fd34f2da0a776dd1599be2b6b8b442ae1dafb77a56c25814fb2401b2f5e15b
SSDEEP

12288:E45UPCaChK/lmbQqLmZuwHi+XI4z1gd/Ux0oHWDVRSSKJhldavmaC1iIvnzpb7nR:v5faCh8OQqLmlXIe4Mx0NDD60vmaC82h

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

9dd02c3a418aa05258309970db8b66f40a49a5a08d6dad0e649daaf63f474cb4
.dll windows x86

56a7ee7a7c58643a3cc48d8c25d43fe9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSysColor

gdi32

SetMapMode

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shlwapi

PathFindExtensionA

oleaut32

VariantInit

psapi

EnumProcessModules

Exports

Exports

SetToOpen
SetUninstall
trim

Sections

.text
Size: - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Open
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 682KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56a7ee7a7c58643a3cc48d8c25d43fe9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

psapi

Exports

Exports

Sections

.text Size: - Virtual size: 129KB

.rdata Size: - Virtual size: 30KB

.data Size: - Virtual size: 22KB

Open Size: 512B - Virtual size: 1B

.rsrc Size: 4KB - Virtual size: 11KB

.vmp0 Size: - Virtual size: 27KB

.vmp1 Size: - Virtual size: 512KB

.vmp2 Size: 682KB - Virtual size: 681KB

.reloc Size: 512B - Virtual size: 92B

.text
Size: - Virtual size: 129KB

.rdata
Size: - Virtual size: 30KB

.data
Size: - Virtual size: 22KB

Open
Size: 512B - Virtual size: 1B

.rsrc
Size: 4KB - Virtual size: 11KB

.vmp0
Size: - Virtual size: 27KB

.vmp1
Size: - Virtual size: 512KB

.vmp2
Size: 682KB - Virtual size: 681KB

.reloc
Size: 512B - Virtual size: 92B