af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772

Sharing

Copy URL

Twitter E-mail

General

Target

af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772
Size

253KB
MD5

f4037c5d487a38bcd26742bd87cbbea7
SHA1

fa88b727c277f21b3c05181c825dd5d049706ea5
SHA256

af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772
SHA512

6cbe352be0479466f1759b3c5ffe8d6e0256256646f39107a827b94651db1d2559acf530e666fb8b9949dc3910397c996c6bbe946b7994d4763257a624ee2e49
SSDEEP

3072:duXkNMP/YnLTTXh9xdZGoKdVnUIg9IijpkvwM8AtGyI0sSE0ggriZIjU2FCiBhcI:5MHYLTv3ZURwM1GyZsSTriafFp+98thl

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772
.exe windows x86

daf52f9a0fce7040ba472351544e3a74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord631
__vbaErase
__vbaVarZero
ord632
__vbaChkstk
ord526
__vbaFileClose
__vbaGenerateBoundsError
__vbaGet3
__vbaAryConstruct2
DllFunctionCall
_adj_fpatan
__vbaRedim
__vbaRecUniToAnsi
_CIsqrt
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord713
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord570
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaAryLock
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
__vbaAryCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeStr
ord581

kernel32

LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Exports

Exports

�@c�TqXQ6��ICD�j;aV~г��P��uj0>s�V��/})��(�kd�޴ՙ��߉C�Ӣ��Ήr=[�\2�M� �s�``pw߳(��GG�`W��B��d��d�4P*"ƙP�rj ��N�_e��{g��T�a��w��-��S�|�_e��[Zk4\ ��Fm0h�uE2@��y��@C��<�ͬ��,�`��hr>��Ў|�IH,�z��I�be1�R��E�VC�B1"��d�<�R�ܜ$C�� wZ1'�]ᱏ��+x_3��9�^��+>(�ې��U��M�By�2#��^W��g8��[+t��&__��9�� ;��0OM��1ݼ�� e*��d|�h��\��#V��I-� ֙~�=G��h��C��1��CnP�J��x�q��/�Dr��B ��Ձ� 7��EY��&�g��1��R�X�C<?��؃��tӳk=��֚�y�OaoO��'2A��O��H�Ҝ��O��%��d~�L݂�) �e��ք��b��SH��tI��j��^-��$��~ͦ1��p�6_SV1m��r��b/�O�� S��<gm�'�`z�U��3�qdX�B��Ǎ y��b�@�qT��䣈�Q��E�;�w��U�WZ��n�Њ�$�/Z1��@=�V2P��D�eL:��e��ls"��a��5Ӛ�S1P�!��6�ZY�+�tNǣ��Jĺ��a�U.޾O��Ad��e��a��{$��k��7T�B%H|�s��t��T�(M��p��8Ѥ��2�K/qy��ͷ�toV�'�u��jE�gR��P�|"!�RW�7��_�1��Mۍ�N>)?��q��ˈe�oϕ)�� s�C��*! u(�a �DK0�$�5M��P�X��F��qTy��Y�z%n.��0ܟ ��$�t�� F�v�� 2؞Z M�_�LM��ۈ.��5JLk�N=(?2��&:3㎒��r,"~C��d��E`��#FČ�� [�lq�<��+{MY۸��i��q�a�c@;Yv&�#Q�: θ瘺0�1�<D�-�Ϊ�z`��;��5� �^��J�)�w'� Ci}��2G��4��k�O=C0oy�s�8�r6vy��g:�Q�5�=r�b��LE��{�y2��X�7Ⱥ<"��SҀW��S!q}j�.��蔍Z��UDH��[��O+{� ��q\ӹ��a_K�/6�L`t��d>3p,ޘ��S��*Ԏ=.��)��-�<�TQv雓�T ��H��F&'��Q��&|��uH��c�F��vz�� D5��xowD0y�Pjm�D3�>I J^`�o��o��;�0۞��!�}iސ��=��T��p��zb��:�У//J��i*#�s�O �En�t1QNϛB�EyCR��oo��b��՞vtb� �w/F2��B7��D��氂�&�^��sf�>�G{��.�X�<��=ޫ�O�v�홵�*��R֝��[c=̥(B{�E�( t��]s(H1��n��!��W��~ړ�g)��Mis�y��PC�*��}�(� ��-F��)?Wkf�iQ�ڎy�W��<qWx�u9��D�k��|��X�R�Uq-��l�ἤ��&��<$��,5�}XnF�b�p�^,)�`��>��.ig�kp�q��z��N�Nb��=�4��Ϛ!�,��`�'3��{��[��<r��ǁI+��a��=,�W��St�b��%��i��vFf<F @<?�!�|�.)Bp�sa�/g��Jy`W��5B^HM 2%��[t:~!܁��|��)<*��,�vb2{��[�B��۴C|[��2��0�x�-ᡨ�G�TI�E�i��-a9�9��\C�"躯\�� .� q��y`Q%qAx.^~,h]ҷcN��ο��,�H(� F �Yѫl�e��\l��}7�`ƏL�� <��|e��7|ˤz9��_&˹�ܷTȥq�fF��vN��(��G@Ƅ�vm�`�'o��Y}�Sjeہ�"��3��w�yH�3��Li(&�j�ĝ��+��e��4��h��űA,�򈫰R�j�Lz��as��I^7>�<��Q�͇��ov��O�9I��fN�⣓�xc�l*��ޓ��T��&�U`:��檅x�ι�˱i��zy@f�VxfW��p�ڳDm�<�2��( �ژ��!�zA&��EX��0��`�AzFS�� oq�1��Q%W;2y��W�L̬��7_�S�Z�qD�ܜ��)�b�c�_ЏY��}��&A�7x�7�HZr/� 8ӟ�LN��?��%o�奕�P.��#��~�˫_i�/�;�?�=��vMk�Ũ�Q^R�Ji#ik��֒v��ZdбN�"�+��'�^?��4�wʬM�@��D�dn�"��'ƿt��%�&��:kS��p�p�>W"l��k'-��vQ��m� u��?MdU� ռ��m��w��q��%�6QH@7\#^�:��E��C��&%w.r7oU� ��-�L�U��Ȁ^A�KșvҺ�@m��\A��^��f�W��Ӑ^.�q��F�0<��o �0\��B�Vf"��8c%h��55b� )漤Z��Ħ ��s�]��md�]�N{��́҅��5��?��9;�!��ލ�lƫU��,��V��(�v��A��;�ٖ>�ԛ�鉋��CP��Qذ)Ɇ�f*��e�WZ� �jh/��}��csL�} � �v녒��ʥ̡�� ~e=�/m��L+�$�U�@��

Sections

.text
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daf52f9a0fce7040ba472351544e3a74

Headers

File Characteristics

Imports

msvbvm60

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 23KB

.data Size: - Virtual size: 904B

.rsrc Size: 4KB - Virtual size: 2KB

.vmp0 Size: - Virtual size: 16KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 64KB - Virtual size: 63KB

.reloc Size: 4KB - Virtual size: 172B

.text
Size: - Virtual size: 23KB

.data
Size: - Virtual size: 904B

.rsrc
Size: 4KB - Virtual size: 2KB

.vmp0
Size: - Virtual size: 16KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 64KB - Virtual size: 63KB

.reloc
Size: 4KB - Virtual size: 172B