dd9ff6533a6c7dbf6a89f600827224f9b7d3c6c3b4223da630003a800f2438f2

Sharing

Copy URL

Twitter E-mail

General

Target

dd9ff6533a6c7dbf6a89f600827224f9b7d3c6c3b4223da630003a800f2438f2
Size

22KB
MD5

7626e0cc2260c6a4b740c131e8b87720
SHA1

42f4ca561d1909e9b1c9b216884bf3116a357baa
SHA256

dd9ff6533a6c7dbf6a89f600827224f9b7d3c6c3b4223da630003a800f2438f2
SHA512

26b415aa5472c3c856c6d002a8f746f7fa96a81beaf5d4f4620627a31cf56ad9b0f02e99ab94499fee0fda0e856310c94f23ebae9509e3ecb141fcb4ee9df836
SSDEEP

192:dcfCmhb4GXqHdftgcxPiXioq/mFsKrinDHbOQr/yJerT8sKfcmMamTtZXB2pBlVx:dcfCmquaFyFXEqrinDHD7yJ5Jcm0tZYF

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

dd9ff6533a6c7dbf6a89f600827224f9b7d3c6c3b4223da630003a800f2438f2
.dll windows x86

690eba7f03a6fb576ade573f2cda7a3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

user32

GetWindowRect
wsprintfA
GetDesktopWindow
GetForegroundWindow
ReleaseDC
GetWindowTextA
GetWindowDC

kernel32

CloseHandle
CopyFileA
CreateEventA
CreateFileA
CreateThread
DeleteFileA
ExitProcess
GetComputerNameA
GetCurrentProcessId
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryA
LocalAlloc
MoveFileExA
MultiByteToWideChar
OpenEventA
ReadFile
SetEvent
Sleep
TerminateProcess
VirtualAlloc
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA

ntdll

RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
_strlwr
ZwClose
memcpy
memset
sprintf
strstr
wcscmp
atoi

wininet

InternetOpenA
InternetConnectA
FtpPutFileA
InternetCloseHandle

advapi32

CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptAcquireContextA

shlwapi

PathFileExistsA

Exports

Exports

COMResModuleInstance
DoReplace

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

690eba7f03a6fb576ade573f2cda7a3e

Headers

File Characteristics

Imports

gdi32

user32

kernel32

ntdll

wininet

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 1KB

.vmp0 Size: 1024B - Virtual size: 574B

.vmp1 Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 548B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 1KB

.vmp0
Size: 1024B - Virtual size: 574B

.vmp1
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 548B