162ed6e1db6789462d295feaf437482dde82ac59a7a1f00bcb5096f8f955bd26

Sharing

Copy URL Twitter E-mail

General

Target

162ed6e1db6789462d295feaf437482dde82ac59a7a1f00bcb5096f8f955bd26
Size

2.3MB
MD5

36be18706a332b244fc3c62bf5db2820
SHA1

b35700efbaed82b5fd7bb2af58d9196eb5b67a99
SHA256

162ed6e1db6789462d295feaf437482dde82ac59a7a1f00bcb5096f8f955bd26
SHA512

5dbcc569a2c70ce38fc3568f84dd9a70a2ae0d28f38875674eb694d1e68085245d3088e24eaffd05d068003d53ed60b362be3e05aa5165331769c8ceb4623cd5
SSDEEP

49152:Bz1inbMnN6dMq5L7j6k9xN0i32Una6Wz2Cv+BNrSn5ZhNzajEQZai:x18go1d9H0iGU7Cv+BNsfza

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

162ed6e1db6789462d295feaf437482dde82ac59a7a1f00bcb5096f8f955bd26
.exe windows x86

4925faef7e07b7549df2d844763f6d9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

WSAAsyncSelect

kernel32

GetTimeZoneInformation
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

IsIconic
MessageBoxA

gdi32

Escape

msimg32

GradientFill

winspool.drv

ClosePrinter

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

StgCreateDocfileOnILockBytes

oleaut32

SysStringLen

comctl32

_TrackMouseEvent

oledlg

ord8

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4925faef7e07b7549df2d844763f6d9e

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

comdlg32

Sections

.text Size: - Virtual size: 564KB

.rdata Size: - Virtual size: 2.9MB

.data Size: - Virtual size: 200KB

.rsrc Size: 20KB - Virtual size: 31KB

.vmp0 Size: - Virtual size: 184KB

.vmp1 Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 4KB - Virtual size: 124B

.text
Size: - Virtual size: 564KB

.rdata
Size: - Virtual size: 2.9MB

.data
Size: - Virtual size: 200KB

.rsrc
Size: 20KB - Virtual size: 31KB

.vmp0
Size: - Virtual size: 184KB

.vmp1
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 4KB - Virtual size: 124B