0a94f106f009ab5eb25a53afea663167bf80365ce8c901673c4121bda4096560

Sharing

Copy URL Twitter E-mail

General

Target

0a94f106f009ab5eb25a53afea663167bf80365ce8c901673c4121bda4096560
Size

2.3MB
MD5

09227926584ff0d509f0b284299aec6b
SHA1

a8b19ec0172d9d5be1f34eb1187a12d61f4a305a
SHA256

0a94f106f009ab5eb25a53afea663167bf80365ce8c901673c4121bda4096560
SHA512

525fd4cc26e984ecf46c66f2ca53a4b5ed7ed26f7a2e6a00c8b3f26b1dbac7cb2ab37460a3f3839f14f3d79fd54ad1db2ed635783b9f151e5893434ed0252bab
SSDEEP

49152:1aKVBYhEw5ZsgjpU76HEu22cTlyyaxCUSKAs68iUruqZWzrNPNbPKgLVtD2:1aKVBYhEw5ZsgjpYYF2/a4lpk7QhVPlK

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

0a94f106f009ab5eb25a53afea663167bf80365ce8c901673c4121bda4096560
.exe windows x86

7c6efc55ef138c78835a69f3660d4dd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

winmm

waveOutUnprepareHeader

ws2_32

connect

kernel32

SetHandleCount
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

gdi32

GetTextMetricsA

winspool.drv

DocumentPropertiesA

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

RegisterTypeLi

comctl32

ord17

wininet

InternetCanonicalizeUrlA

comdlg32

GetOpenFileNameA

Exports

Exports

!ڄ�*��"��&��J�Eԓ��/�x�k��~,E��/��ٚ^%d�8n�:��&U��;�U��,�.a�r,`M�쫣��=��Ų9��z�Ri��"�N��u2�ݐ �L��f�@"�a��Q,*��D�!�-��b��ቖd,�{=�s�� Ƈ��ȉ��lh`p�kf�|��y��ck��r��g�{��*��Y��[��| �M��"t�(�Gd��sv9��k\j[M�I�K2��&X*U&��9�Y��y*@MU�;5u|��T0��u��W>�YN�`�!K��ʆ�XLt��F�6�K�a��5�E_s�7 �y�� U�t�_�;Bo��:4^�0�J��y��WUXĚ��n;��%��56��3Z`��~G; О�L��\-Di)S� �ҙ8?��R��^�t#��O��c�_xk7[~#A��M4v&̝s��s�g��̺%�XMȥ�q��or�x��:��\�î��@�c"�F��C�L��<�N��̤��A��=�fW��ǧ��gL�fK�)̳Zp��Z2�"�e�bTr��ո��4K��]��F�&�JA�휢x��\n��AX��h��wI3�@��6�ĉ��Ү�+)��:^��y��{��0��M��(ɧ{q�Q�U ��{X[��OKМx>��!:��d�(�i��,�RT� �d�lj��b��׈#Q�DY��Q��2z#WHݸjw��YW��f�u�R��&�&�T�[��F�6`x� y ��3�\a9��$�䉆�$K�<ջh�U��'=�Jo�*��h@om9D�7F5b]1��1=Y�$-��D��gw�%NO�;��$L��4��L<��j@��Ť��,H��{��0 ��<�"��2��6��굯��g �:s�� 4��4��[c��+T�v%�x��2[��8��9��7�Kt5}D�{m��Q�s`.�-�w�ZX p��v��4��gJ��A`�$:�y��W��q�� ЖY��abs��_(�^Q-1�^��"aU�<��v��1l��D��^��3 �k��$|��[l��K��aN��a��i��J�~��XLn�D�*�K��"�y��dq-�{T鐣 ��z�f�ʉ<�X:��H7�$2a��#s��%��Cd��Dk��t��|��A=�2Yq)6��o�fw�Ʒ�Gf^ A�󆘉��<OmnD4z\Q��|�8Jo�GK�M��#<��Qƫ�J+M��t��S��H56COO)��^BK��7�*C��p�Š%� M4��ux�Lߚ$�)��ؽ�Qi3��ݽ�Z=RB�$s��r#u��`T��ύ*f��F��""�a�*�Qkv/X�V��(��>4�Yqc��~ $XD�f�vǀQ��耱}ɎZ��u��wl�^�d�6{�K��'��}�c�IS�7�Cݼ�T��-��턵��;��|��^�90�c']�L�/�� 4�:'K��U�i5�|0��#k+��Ϡ�p��(�w�@��,7�9�8��e�~�P��O9��dP(�l'��\�_�U��:�1��&��'��h�QL{~�2�o(��y��q�T�vP��^t�u�N�^k��۳�?��B��KX,��~�c{2{o��ȟ>k`�U[v�-��U��f�@^*`l�L��u��%{r�E&c��2�3�_��eĠr�H�] �͊�)�G��x#d t�*��r�^�M0�\?T1Q�P1�?�1�$YU�H��N�mPZ��g��[�z�o|�|Z��r�K��?��~;p@ݯ�ll�q��x`匌H��g��>�k��3��&�#�Q`W�C�B�լ �%��A��md�,tiߟ��T��'Z�i��8i�u�EM�3%~��c��X��8��B��5�J2��V�W��^fUҟ��23�p�t\B�Œ��@� kF�#��lMR �+PS�h��2-�:F�g)[�K�X�S.�Q�yt��3e��5ʃ'��B�TQ��1_φ�(a�Be�a��n��)gъl;$5��]�"�� 3�p �p;�2iS;��#�uO5�mW�%Y��o��Ǝ��'b��LѻZK�RZ��,��5#��9��2k��(` 6��P�\��&�K�.w�z��X ��(8>k0ʕ��2�fa��U�� u�7��j+&F�0yʲ��$� ?Y ��_~��[��0�S��^N��(�~)��?b��"��}�_��s~Q��*�q��.�.C?�ڵg�$��p��V��|t7�nF�s�Q��'c8��!�]��s 0:��'��*fp�Ď��]UH��ثp��Ԍ[:Ym>7��Kc-Ꝇ�Q��b��H��g�I��1k��vL�� ^X 6��&��X��Wa.x��)E��,QDB6��<��bp��ׇ�a��%#��kƼtcX�򌑄,.��ߔ��J�3��ֳ�b��l�@�h��ABS䭹^նV��AN^k}�gJm�S9��F+Ah�P'y!�rEH@��S苌|�C�<��.�%��]�J{�� O=K4�Q鯮@��i��V�𶞏��D+��q�Մ�l)�r��{�&hߘ��C�È�b�״\G�'0{�x��iU؄��-v��%[�Yg A�� L/Nٲ*��G�B/�<�5��l��D�IɣzҒ͆ni��.Z%��G�~ܿ�9��UG��b#X?��.✗B�"��aӒ��Y�K��Jb�Ʉ�F l��֟y�z�H��Ko�MO��w��2��5�$;޶d�� j9hH��r�MN�h��ݏ;Z��:�@R��W�� a��-V

Sections

.text
Size: - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7c6efc55ef138c78835a69f3660d4dd9

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 484KB

.rdata Size: - Virtual size: 1.6MB

.data Size: - Virtual size: 281KB

.rsrc Size: 104KB - Virtual size: 117KB

.vmp0 Size: - Virtual size: 321KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 2.2MB - Virtual size: 2.2MB

.text
Size: - Virtual size: 484KB

.rdata
Size: - Virtual size: 1.6MB

.data
Size: - Virtual size: 281KB

.rsrc
Size: 104KB - Virtual size: 117KB

.vmp0
Size: - Virtual size: 321KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 2.2MB - Virtual size: 2.2MB