8af738556e682b65155c3ad7f80d9863c62060376e553349fed583e5bb8aa4ac

Sharing

Copy URL Twitter E-mail

General

Target

8af738556e682b65155c3ad7f80d9863c62060376e553349fed583e5bb8aa4ac
Size

144KB
MD5

e787f109805c08cc2da2e23f8929f8c5
SHA1

73ef869d4db9acaec0f0422683bc8cbb92d474aa
SHA256

8af738556e682b65155c3ad7f80d9863c62060376e553349fed583e5bb8aa4ac
SHA512

f88bdf1cca54ec13bdb92cf646c666d81e3588fcd696151815a0042df035b83a866a097435622482b8b71bb47ac5501f4aeb459621bf97b300cfc3d1ae0ecdd8
SSDEEP

3072:/q1xWrohfBxeVynOBvBbUyRIzsFM213XyE+i:/GWrObOBvqqyx213X

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

8af738556e682b65155c3ad7f80d9863c62060376e553349fed583e5bb8aa4ac
.exe windows x86

a1e67e3281dcc40aadac422d328be723

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

AppendMenuA
MessageBoxA

shell32

ShellExecuteA

mfc42

ord1949

msvcrt

exit

comctl32

InitCommonControlsEx

msvcp60

?unsetf@ios_base@std@@QAEXH@Z

Exports

Exports

P+�EQ��t��)�l#��0�[��3'�:t;s/� U򣨙Օ�,�">��I��=��ņ ��>6��BB�N�Z19��mș��DO�[ܧf��#��3��^�V��8`��փ��<qB�K�u�K��ks�>�I{�M��u|�FZ:=��U�j�9Ғ�r+8M~�Ԃ�B�m�~nT5�.�lj`�mVEI�emj�i�O��o4`1i`�Z��~�4 T!�,�VX9�q4�CҲ��4�/�m'�J��8/��F��`7I�ݗ�t�Zc��S"��@��:��XAks?�!援�ˤm�S��} �� \��L��!�敡-U u��`�Nef9G��|�4��o�0#�6!��i�)��$/^g��E��d�}O8��Ѿ��S}��`�X�8 jqbfgo�H-̑vXi��Ƕ�)��͟%��2rX 9�Li��Ÿ׍��8�`ʃ ��at�J��o��4@ ��T��AX��?��ʆ|��_�,�s|88��>4G�{�`}X�2[�?1rI"��5ŷ�� k]i�QoH��h��q�^I�0Ȗ^δ�&p��Z7R�||ꮟ,"��IBBA��"d]_ͷX!��.��+M῀��C.�ӭ��C��rs#t�oÿZ�>M:�c��ď)U*U�\4�M@��3��@��:s��Cn�`��.z��+6�^��Ԣ��eS�"J��Y��q4�-)DD�0�<ޓs��C��'�GP��haGrZ��2i�?N��gg4q��p>&r�ޒ��}��2��=J�𶒽e�R�YK�4�oL7��])J(3�lC��n5=�粵��~��R��28�k%�v��_�K��r��_��>�*C�z��b/��c r��@�E�.�W$��}K"ײ�Hg=F5ˆIx�̝��K�2��T��! ��Ҧq��G�>�,��U��.w)픪j�`��?Ij˯�� Wj�-�'�{J��ܹ�N䂭@�9�nDw;��`��Bg��/f�%PJ _x��5��X0�!�� e͚_h�{IR^��o��Fx�Գ�2��ش�m��I��^�}�v�ix��Ï��L��}'��q��D"J�qK>��9��z�KQp�Е݆��Du6��l@��L�+�\B��r�� V~�xͭr�2��O.l��˼Ie�\�XUِ��fG��V�l�<��I,6*�K襹��/��,�eA`:5/|�n�(q��ݦY��'��~[�W2�"��,��R��#�#�{XdM'�5de0�@��%�whW�j�a��%|=>�:NRy��Kzq/��/��o�ê�~�J��*��F��&�#L�x�)ҥȐ�"�1��I*��e�G<S��>3��aR�XT�{��3]� ܣ��?�y@½��U��Tg��{�+W?� Fj[uG�+��*��o��wu��s�QʴQL�'!�U#��K�eX��d�.�Rw��tN�#�w��^�E��]v��UHL�#�q�{�;��;��m��V˂�蛻ۈ�z ��7�_Mߣ,Ð��j��?QE��{�e:��0�d��,} �"�ڮ�?[��[G\��tӏ|Ն�\ꀑ��{�=��{Q�m�a9�ev�[Y3��%E�H��(�_��+�I��w��V�-$��+�/�7Wv&0q֖K -��jTbQncWUPf�FE��(JU� r�6`!��`Q�+V�Fkx.F-�+�� !b�t�~Q��-ʑќ��L*�^R��bs��Þ�RzI��_hEׇ�;��.0��'��=��-�Cn�[�Ó��(��l؁��-˲Oe�~�o�n�_�=0�U��P��am�%74�I~�$E�� 寋�`U��~d��pL��L+^�E ;�zX2�q�%��1�ܗ>�.o��~�w��_ �b�a��吕SJ�z��ϣӡ3�W_}[�Ji��)��6��)�bW)d�!\��I��=*x��mq�!<ג� PLPت��2>��O:�,A8��J��x*�[�xcb<D/B�!��2�ܐ��d�>�Z��'c�=P�� d�D�0%E ��Y��f31�`l�<��^nk��H��v�:�>��*��?��ˬԀ;o.I��]�^y4��Z�?�B�j�yjPZ�J��2��uY _<S�#�g�D{0�M~��U<Z�dڽ��O.Z5J 3xf�|��f� TS�R�v@OfRo�� N��{��38�Lq67l��N&��*��%%�$� xl ߸-��iJ31�SD��+�X�1�@��H�H�d{�o�.��X��|Ի#�z4�� 6Vd��W�ܑ��W^�x7u��i�i1_L�dX�e��[�+�ú��=�>U�<|��6��Ȧ��D]��<�� !�9|�=C��i��uF�?R�R@N�\�6Q�n ��`��`U�*��u�{.,��5��rCvK*�2qG��_4jz�5��1��jZ+Gj/��Y(?�%�ޖ��x��˶�z��L��8��n0�H��]�7�p=��"�� ~�PY�>��1��R�j卍��Wҁ�� w�#�~6��H��Y�gN��O9�� |�?�k�U�0B��nVx��8�ރ�\U+��/;p��zPR5��4pH��=��]��?��(g��O�t-`C�u<K6��J��6�YC��q�F�2��5.��L�I��uiO�B��l�C�4t`�u�v�RV��W��樐�3B<σ��9^��.�(�`��G��5��ԛ�ѱ�s��Y�`6T��g��GK�^+c��z��n�1�b��l�� "YM��89+��@�?�Yw_|��_�%��괊��R��J��<9PpH%��29�

Sections

.text
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc0
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1e67e3281dcc40aadac422d328be723

Headers

File Characteristics

Imports

kernel32

user32

shell32

mfc42

msvcrt

comctl32

msvcp60

Exports

Exports

Sections

.text Size: - Virtual size: 12KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 1KB

.rsrc0 Size: 8KB - Virtual size: 14KB

.vmp0 Size: - Virtual size: 44KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 108KB - Virtual size: 107KB

.reloc Size: 4KB - Virtual size: 140B

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: - Virtual size: 12KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 1KB

.rsrc0
Size: 8KB - Virtual size: 14KB

.vmp0
Size: - Virtual size: 44KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 108KB - Virtual size: 107KB

.reloc
Size: 4KB - Virtual size: 140B

.rsrc
Size: 16KB - Virtual size: 13KB