e689b383b036cafcf1b1ce3f3231456d0aec05ed1afa0877228cc442248b5874

Sharing

Copy URL Twitter E-mail

General

Target

e689b383b036cafcf1b1ce3f3231456d0aec05ed1afa0877228cc442248b5874
Size

828KB
MD5

2f2c59eaf6c9c8cf15cf6bdea9881390
SHA1

dcb9fbc0467d4970e9c5257af34083eadc33c2f0
SHA256

e689b383b036cafcf1b1ce3f3231456d0aec05ed1afa0877228cc442248b5874
SHA512

c8953fc0b992f16af52b8f7993d59d3c3f589e905b13133230d1cc553411b5517c97ecabe55c737d3a7544dc77a5867920d7d78f49d77bd7e5a65b6df269d2a8
SSDEEP

12288:O+5DNMCWA7/gZZaYUpl3yh9FQuNU/YG/LG6y9EJnICBRhh+Y5PQIu0r2KIeK+z:p5WG/USj3yrtNu/a6sEGCBRKcPQS2KB

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

e689b383b036cafcf1b1ce3f3231456d0aec05ed1afa0877228cc442248b5874
.exe windows x86

2a9395d98b582ecfeca3581a35e08192

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
FreeLibrary
GetProcAddress
LoadLibraryW
UnmapViewOfFile
MapViewOfFile
GetLastError
CreateFileMappingW
GetModuleFileNameW
MultiByteToWideChar
GetStartupInfoA
GetModuleHandleA
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetTickCount
TerminateProcess
GetCurrentProcess
CreateEventW
GetModuleHandleW
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameW
DeleteCriticalSection
LoadLibraryW
CompareStringW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
SetLastError
GetModuleHandleA
FreeLibrary
GetCommandLineA
HeapAlloc
RaiseException
GetLastError
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualQuery
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

FindWindowW
UnhookWindowsHookEx
IsWindow
MessageBoxW
wsprintfW
MessageBoxA

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

msvcrt

_acmdln
_controlfp
__CxxFrameHandler
wcslen
wcscpy
??2@YAPAXI@Z
free
__dllonexit
_onexit
_exit
_XcptFilter
exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 612KB - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a9395d98b582ecfeca3581a35e08192

Headers

File Characteristics

Imports

kernel32

user32

msvcp60

msvcrt

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 92B

.rsrc Size: 160KB - Virtual size: 158KB

.vmp0 Size: 612KB - Virtual size: 610KB

.vmp1 Size: 36KB - Virtual size: 34KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 92B

.rsrc
Size: 160KB - Virtual size: 158KB

.vmp0
Size: 612KB - Virtual size: 610KB

.vmp1
Size: 36KB - Virtual size: 34KB