cb0f4fa8e284ba03f26f74041366d1a0aced336248b4fc3ad0b410a4f5a21415

Sharing

Copy URL Twitter E-mail

General

Target

cb0f4fa8e284ba03f26f74041366d1a0aced336248b4fc3ad0b410a4f5a21415
Size

1.3MB
MD5

4097adf07861d0c595e4ddaf154e0011
SHA1

150b5af9ff6dc15171f55133b5bbd428afc87795
SHA256

cb0f4fa8e284ba03f26f74041366d1a0aced336248b4fc3ad0b410a4f5a21415
SHA512

01b4559414ed2f5ece05b8a46609947fc30447de95d4c9da79c3869c7768c61a41cd71e3d72733db150d6f1d3248c145ed360ed4ced96af7d8cb3caa1e876515
SSDEEP

24576:x7FVcfPqBa2jq9dSUXFM6IrlUdPrYYzJPaBPVjFUnXTk:ZFuPca2juG6WSdPcgPU5Qj

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

cb0f4fa8e284ba03f26f74041366d1a0aced336248b4fc3ad0b410a4f5a21415
.exe windows x86

05c576ea5d762167a9bb823ad265f5ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

winmm

midiStreamClose

ws2_32

recvfrom

kernel32

SetLastError
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

BeginPaint

gdi32

CreateRectRgnIndirect

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyExA

shell32

ShellExecuteA

ole32

CLSIDFromString

oleaut32

VariantClear

comctl32

ImageList_Destroy

wininet

HttpOpenRequestA

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

05c576ea5d762167a9bb823ad265f5ac

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 524KB

.rdata Size: - Virtual size: 204KB

.data Size: - Virtual size: 288KB

.rsrc Size: 96KB - Virtual size: 109KB

.vmp0 Size: - Virtual size: 706KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.text
Size: - Virtual size: 524KB

.rdata
Size: - Virtual size: 204KB

.data
Size: - Virtual size: 288KB

.rsrc
Size: 96KB - Virtual size: 109KB

.vmp0
Size: - Virtual size: 706KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB