a9cfd1d942cf80e77811d672721027dccc88c32240c04812edd65b96cbfd1cff

Sharing

Copy URL

Twitter E-mail

General

Target

a9cfd1d942cf80e77811d672721027dccc88c32240c04812edd65b96cbfd1cff
Size

1.4MB
MD5

f90952afa7f398255e570e52bad1b2d9
SHA1

50c6d3dab8fb48c192f7b5503b60055681a84f29
SHA256

a9cfd1d942cf80e77811d672721027dccc88c32240c04812edd65b96cbfd1cff
SHA512

e66d7c9df728b339f3ad7aa576a0aad5f51ecd5ac7220b1ce24657f05977eb15f1a52632dd5432c743cb86a81ca2d5d620b04ef2de349b1700a9e0c5a2e4e6e6
SSDEEP

24576:kbJ5xrfkvi8gxzjaGQIAU9WmFGhPkFD6v2KDmwo2XWnI8api6ZWRztK1kFjUAJpi:Q52i/u7IX97kPkJ6tSwo2X+V6ZWltSk+

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

a9cfd1d942cf80e77811d672721027dccc88c32240c04812edd65b96cbfd1cff
.exe windows x86

d5bb013ba55f36fd5631b53b8d6a2b34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetMenuItemID

gdi32

SetWindowExtEx

winmm

midiStreamOut

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyA

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

LoadTypeLi

comctl32

ord17

ws2_32

WSACleanup

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 852KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5bb013ba55f36fd5631b53b8d6a2b34

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 501KB

.rdata Size: - Virtual size: 852KB

.data Size: - Virtual size: 121KB

.vmp0 Size: - Virtual size: 792KB

.vmp1 Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: - Virtual size: 501KB

.rdata
Size: - Virtual size: 852KB

.data
Size: - Virtual size: 121KB

.vmp0
Size: - Virtual size: 792KB

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 12KB - Virtual size: 11KB