84fd083f6fbc32d34fbc28765942a27c5277c7ce196d2104ad4dc753de8eb9ff

Sharing

Copy URL

Twitter E-mail

General

Target

84fd083f6fbc32d34fbc28765942a27c5277c7ce196d2104ad4dc753de8eb9ff
Size

1.7MB
MD5

5be5b9c0afcbb87cf249a28700605475
SHA1

aa6b1c8c268c5853d451c62c5f64d700caa9e754
SHA256

84fd083f6fbc32d34fbc28765942a27c5277c7ce196d2104ad4dc753de8eb9ff
SHA512

27a3ed9c3bb7d806d6380f1f420d1811c411e98a4a1c46e657b701625ff50dc373ae8e028af284054531618dbc1865b08ea9d2fc9c2b73d4794eb76ff079efd3
SSDEEP

49152:IzfZVMidbkvoUT2oKBKz1mhDyDT3ntrCDsQZ:alkvo02bBKzU0rCD

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

84fd083f6fbc32d34fbc28765942a27c5277c7ce196d2104ad4dc753de8eb9ff
.exe windows x86

8af26266ab577e6fc796c0acc26e0f45

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

winmm

midiOutReset

ws2_32

select

kernel32

EnumResourceLanguagesW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetParent

gdi32

CreatePolygonRgn

winspool.drv

DocumentPropertiesA

advapi32

RegSetValueExA

shell32

ShellExecuteA

ole32

OleUninitialize

oleaut32

SafeArrayGetLBound

comctl32

ImageList_Destroy

oledlg

ord8

wininet

InternetSetOptionA

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 783KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 849KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8af26266ab577e6fc796c0acc26e0f45

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 533KB

.rdata Size: - Virtual size: 783KB

.data Size: - Virtual size: 261KB

.vmp0 Size: - Virtual size: 849KB

.vmp1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 124KB - Virtual size: 121KB

.text
Size: - Virtual size: 533KB

.rdata
Size: - Virtual size: 783KB

.data
Size: - Virtual size: 261KB

.vmp0
Size: - Virtual size: 849KB

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 124KB - Virtual size: 121KB