0c60d77a57ebf7fa66c6dd7a3259d81d8fba65340926cadc23301b402035d0bf

Sharing

Copy URL Twitter E-mail

General

Target

0c60d77a57ebf7fa66c6dd7a3259d81d8fba65340926cadc23301b402035d0bf
Size

504KB
MD5

83d1a69c4dbda1fe6bc258808dc39650
SHA1

3b60abbb1457ebb95c82ab38d76ed1edb62758a0
SHA256

0c60d77a57ebf7fa66c6dd7a3259d81d8fba65340926cadc23301b402035d0bf
SHA512

999eb66e87aec0c496427e9a5cf859871582ae844106ade0077825c443bb12cbcccff50c159e2463d2f211a69023b58a7eea93148975cfbf32a6e72a4ffb81ca
SSDEEP

12288:u+2EBqYewTpgsFvgs2pNlfvsK0gZjAnCx1wkMqRvMk4LcbY4L/6VU:i+99fF4s2/lfvsyZjAnCxuERMk4MM2

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

0c60d77a57ebf7fa66c6dd7a3259d81d8fba65340926cadc23301b402035d0bf
.dll windows x86

b126809b14aa1176bac49b1862be19d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamRestart

ws2_32

WSAAsyncSelect

kernel32

SetLastError
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

LoadImageA

gdi32

SetWindowExtEx

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyExA

shell32

SHGetSpecialFolderPathA

ole32

OleInitialize

oleaut32

LoadTypeLi

comctl32

ord17

comdlg32

GetSaveFileNameA

Exports

Exports

GFDTRDSRTU
��

Sections

.text
Size: - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 488KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b126809b14aa1176bac49b1862be19d4

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 500KB

.rdata Size: - Virtual size: 88KB

.data Size: - Virtual size: 195KB

.rsrc Size: 8KB - Virtual size: 21KB

.vmp0 Size: - Virtual size: 75KB

.vmp1 Size: - Virtual size: 134KB

.vmp2 Size: 488KB - Virtual size: 486KB

.reloc Size: 4KB - Virtual size: 36B

.text
Size: - Virtual size: 500KB

.rdata
Size: - Virtual size: 88KB

.data
Size: - Virtual size: 195KB

.rsrc
Size: 8KB - Virtual size: 21KB

.vmp0
Size: - Virtual size: 75KB

.vmp1
Size: - Virtual size: 134KB

.vmp2
Size: 488KB - Virtual size: 486KB

.reloc
Size: 4KB - Virtual size: 36B