f7f43f8ed58fb83b5b67c1d133df1dbde96d0483332af9ec950bb6a6cf16baa6

Sharing

Copy URL

Twitter E-mail

General

Target

f7f43f8ed58fb83b5b67c1d133df1dbde96d0483332af9ec950bb6a6cf16baa6
Size

696KB
MD5

a176e5fbef08a4d2cf2a2ddf7fef6315
SHA1

9597393a431661bdf759622af831d85cf1eb3903
SHA256

f7f43f8ed58fb83b5b67c1d133df1dbde96d0483332af9ec950bb6a6cf16baa6
SHA512

b44d5181ea0385cf3dee24bc791e0304d10ce79d13b5bf2394750d36db39161f26c6d50e3282b5b2fccf89684ae0c7ffb34c2d16ae648ad9e6571767dc789f3a
SSDEEP

12288:EaUbU3Sc91eph4zlt2YKzjv9tZYJugIwS42YQbIOGASb8YehUBOw9GrdTC:EaUbUCW1efUkYKzjHZougz1BESb/emBJ

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

f7f43f8ed58fb83b5b67c1d133df1dbde96d0483332af9ec950bb6a6cf16baa6
.dll windows x86

75f0d678775391bfa9bf29de7a00aaa3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadCodePtr
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

OpenClipboard
MessageBoxA

gdi32

CreateRectRgnIndirect

winmm

waveOutReset

winspool.drv

ClosePrinter

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

LHashValOfNameSys

comctl32

ImageList_Destroy

ws2_32

ioctlsocket

comdlg32

GetFileTitleA

Exports

Exports

RunDllHostCallBack
��
��

Sections

.text
Size: - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp3
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75f0d678775391bfa9bf29de7a00aaa3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 497KB

.rdata Size: - Virtual size: 77KB

.data Size: - Virtual size: 181KB

.vmp1 Size: 8KB - Virtual size: 22KB

.vmp0 Size: - Virtual size: 68KB

.vmp2 Size: - Virtual size: 306KB

.vmp3 Size: 656KB - Virtual size: 655KB

.reloc Size: 4KB - Virtual size: 156B

.rsrc Size: 24KB - Virtual size: 22KB

.text
Size: - Virtual size: 497KB

.rdata
Size: - Virtual size: 77KB

.data
Size: - Virtual size: 181KB

.vmp1
Size: 8KB - Virtual size: 22KB

.vmp0
Size: - Virtual size: 68KB

.vmp2
Size: - Virtual size: 306KB

.vmp3
Size: 656KB - Virtual size: 655KB

.reloc
Size: 4KB - Virtual size: 156B

.rsrc
Size: 24KB - Virtual size: 22KB