4dbb0d4ab0fff9e84e9110353b6839c65f4fea5ec2aef081006c852e6c4331a4

Sharing

Copy URL Twitter E-mail

General

Target

4dbb0d4ab0fff9e84e9110353b6839c65f4fea5ec2aef081006c852e6c4331a4
Size

1.9MB
MD5

9ade2275117770b82b725fb6b82f5bcf
SHA1

a3e6a5504a1d4eba192d04a0bff02afd59b50ebd
SHA256

4dbb0d4ab0fff9e84e9110353b6839c65f4fea5ec2aef081006c852e6c4331a4
SHA512

6bd5cc3cfdd1dc7fd3ef3fc0bbd6b8ea1b7ec6c9e8d03ee5f990e5e8d7e3a195e1c8fcdb290405eef0763216a6812a6e0ebe36695e2d8ff19755a4d40e7b7185
SSDEEP

49152:tGXH+7fEb9JgBz8IP1c/8kW8GDWjYQpXuy+5BhVeo:t/rDBzJP1c8kjSwYQg71Uo

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

4dbb0d4ab0fff9e84e9110353b6839c65f4fea5ec2aef081006c852e6c4331a4
.exe windows x86

ffb7001ee70338a5a0f3fde18022974c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamClose

ws2_32

getpeername

kernel32

FindFirstFileA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

GetClassLongA

gdi32

CreatePalette

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

OleIsCurrentClipboard

oleaut32

VariantCopy

comctl32

ImageList_Destroy

oledlg

ord8

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 493KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 741KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ffb7001ee70338a5a0f3fde18022974c

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

comdlg32

Sections

.text Size: - Virtual size: 493KB

.rdata Size: - Virtual size: 1.6MB

.data Size: - Virtual size: 259KB

.rsrc Size: 8KB - Virtual size: 22KB

.vmp0 Size: - Virtual size: 741KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 1.9MB - Virtual size: 1.9MB

.text
Size: - Virtual size: 493KB

.rdata
Size: - Virtual size: 1.6MB

.data
Size: - Virtual size: 259KB

.rsrc
Size: 8KB - Virtual size: 22KB

.vmp0
Size: - Virtual size: 741KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 1.9MB - Virtual size: 1.9MB