a1d47cfc3caa4a377fba975090f505c36b46a9d3e2681e00d23e9f32fd99ceec

Sharing

Copy URL Twitter E-mail

General

Target

a1d47cfc3caa4a377fba975090f505c36b46a9d3e2681e00d23e9f32fd99ceec
Size

1.7MB
MD5

55a0ed0e599474b0565df4ccf979e300
SHA1

9b6676ab07a3e556db44597878facb3d1005200b
SHA256

a1d47cfc3caa4a377fba975090f505c36b46a9d3e2681e00d23e9f32fd99ceec
SHA512

165c3b6aa2600dafa9c22a9f011b99cc21e4295f09282452bded8e8ba0b9e3bb0faa9f34ca71c279f9d6ff895b74ac16ec1aa00c8fbb673716877cea98076ab2
SSDEEP

49152:n129oSFiVwA0EVrZvoHwot72bQFzb9wukcD9HY/r:12mSFqTrZvaw47FFzb9GYm/

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

a1d47cfc3caa4a377fba975090f505c36b46a9d3e2681e00d23e9f32fd99ceec
.exe windows x86

a0c700fdf5d1a79a74d4b0edda8d1b6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
GetCommandLineA
GetStartupInfoA
ExitProcess
VirtualProtect
GetModuleFileNameA
ExitProcess

ntdll

NtSetInformationFile
ZwOpenObjectAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarm
NtSetSystemTime
RtlAddAccessAllowedObjectAce
ZwInitiatePowerAction
NtReleaseMutant
ZwCreateMutant
RtlDeleteAce
ZwQuerySemaphore
ZwQueryInformationProcess
RtlRaiseException
ZwReadFile
RtlGetAce

user32

MessageBoxA

Exports

Exports

BeginJelvfswwcx
EndPannyhngfdi
Yblwgnr

Sections

.ldata
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0c700fdf5d1a79a74d4b0edda8d1b6e

Headers

File Characteristics

Imports

kernel32

ntdll

user32

Exports

Exports

Sections

.ldata Size: - Virtual size: 4.7MB

_PAGELK Size: - Virtual size: 1.5MB

.idata Size: - Virtual size: 7KB

.rsrc Size: 25KB - Virtual size: 104KB

.vmp0 Size: - Virtual size: 4KB

.vmp1 Size: - Virtual size: 9KB

.vmp2 Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 512B - Virtual size: 76B

.ldata
Size: - Virtual size: 4.7MB

_PAGELK
Size: - Virtual size: 1.5MB

.idata
Size: - Virtual size: 7KB

.rsrc
Size: 25KB - Virtual size: 104KB

.vmp0
Size: - Virtual size: 4KB

.vmp1
Size: - Virtual size: 9KB

.vmp2
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 512B - Virtual size: 76B