a88b420cf910182ac94dafa32671365abee3a09e02c1ffa3adf1e51d416ec204

Sharing

Copy URL Twitter E-mail

General

Target

a88b420cf910182ac94dafa32671365abee3a09e02c1ffa3adf1e51d416ec204
Size

154KB
MD5

ab98f77d096521b4b2ca59e830523e20
SHA1

58b0ce23bbff0c58e92e51433f2fbd7db0d03be3
SHA256

a88b420cf910182ac94dafa32671365abee3a09e02c1ffa3adf1e51d416ec204
SHA512

b8f502ca4c35857b1bdba03e256350262b6da1f25dcf89ac232c758534aaf5f485de5a20eed7b087d89c88b624426756ee6971e7060e92111f44a01f81d81136
SSDEEP

1536:dKgOSuBTAETutyWQsYqlMIIeqy4gOUrc3WZ6D5K9zm7xpiK+gm3K8ZyC0ILHV0Au:rErkQ4JJqyZgD5K9IpagmdZyC0sHtu

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

a88b420cf910182ac94dafa32671365abee3a09e02c1ffa3adf1e51d416ec204
.dll windows x86

f30dc14d661f9938c3cc87099e49ce1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
IsBadReadPtr
HeapFree
FreeLibrary
OutputDebugStringA
GetCurrentProcessId
ExitProcess
TerminateProcess
Sleep
CreateThread
GetCurrentThreadId
GetTickCount
lstrcatA
lstrcpyA
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
CreateProcessW
ResumeThread
CreateProcessA
CloseHandle
ReadFile
CreateFileW
GetModuleFileNameW
SetEndOfFile
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileA
FlushFileBuffers
SetStdHandle
SetLastError
FlushInstructionCache
GetCurrentProcess
VirtualQuery
GetLastError
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapCreate
HeapDestroy
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

GetClassNameA
MessageBoxA
SendMessageA
GetWindowThreadProcessId
FindWindowA
wsprintfW

ws2_32

bind

iphlpapi

GetAdaptersInfo

ntdll

ZwCreateEvent
ZwDeviceIoControlFile
ZwOpenEvent
ZwCreateNamedPipeFile
ZwCreateFile
ZwCreateSection
ZwOpenSection
RtlInitUnicodeString
RtlUnwind
ZwReadFile

Exports

Exports

MyOut

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f30dc14d661f9938c3cc87099e49ce1b

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

iphlpapi

ntdll

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 86KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 436B

.vmp0 Size: 8KB - Virtual size: 7KB

.vmp1 Size: 30KB - Virtual size: 29KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 87KB - Virtual size: 86KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 436B

.vmp0
Size: 8KB - Virtual size: 7KB

.vmp1
Size: 30KB - Virtual size: 29KB

.reloc
Size: 5KB - Virtual size: 4KB