9e486c749b112e5fe2f7e9c7f2f753bb0d802bc293b07dee02e109cc93a614b8

Sharing

Copy URL Twitter E-mail

General

Target

9e486c749b112e5fe2f7e9c7f2f753bb0d802bc293b07dee02e109cc93a614b8
Size

944KB
MD5

7f17cd3a0f06bcd2a8427e4d26a93523
SHA1

16dd8b833ea9abe90214b3fa866385da2a83c348
SHA256

9e486c749b112e5fe2f7e9c7f2f753bb0d802bc293b07dee02e109cc93a614b8
SHA512

6a8ea590a803d46bff4f4cac4c54432498b975e3451729502b5edcc13e75d46543fd897c9b0168b892fa88b4d2a56d167551c1f309e16e6d6c29c7c5f34ef666
SSDEEP

24576:dmbeBr9926yqePHK/gkIIY1NdHoJ2ROVxlIZC371:dtwlvK/gxBdIIRfC3p

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

9e486c749b112e5fe2f7e9c7f2f753bb0d802bc293b07dee02e109cc93a614b8
.dll windows x86

ee9cba43f92608af423e3326510c3652

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CreateIconFromResourceEx
MessageBoxA

gdi32

OffsetViewportOrgEx

winmm

midiOutReset

winspool.drv

ClosePrinter

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

LoadTypeLi

comctl32

ord17

ws2_32

WSAAsyncSelect

comdlg32

GetOpenFileNameA

Exports

Exports

?a?��
?��?��
?��?��???��y
?��CALL
asm_?��??D��?��?
asm_?��??��?��?��?
asm_D��??D��?��?
��?Z��?��

Sections

.text
Size: - Virtual size: 691KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp3
Size: 888KB - Virtual size: 885KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee9cba43f92608af423e3326510c3652

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 691KB

.rdata Size: - Virtual size: 130KB

.data Size: - Virtual size: 181KB

.vmp1 Size: 24KB - Virtual size: 22KB

.vmp0 Size: - Virtual size: 77KB

.vmp2 Size: - Virtual size: 510KB

.vmp3 Size: 888KB - Virtual size: 885KB

.reloc Size: 4KB - Virtual size: 208B

.rsrc Size: 24KB - Virtual size: 22KB

.text
Size: - Virtual size: 691KB

.rdata
Size: - Virtual size: 130KB

.data
Size: - Virtual size: 181KB

.vmp1
Size: 24KB - Virtual size: 22KB

.vmp0
Size: - Virtual size: 77KB

.vmp2
Size: - Virtual size: 510KB

.vmp3
Size: 888KB - Virtual size: 885KB

.reloc
Size: 4KB - Virtual size: 208B

.rsrc
Size: 24KB - Virtual size: 22KB