3d1f329005610e78cfbf4bb488367aa9eed6b83ff01e0ee073813a5fc57003db

Sharing

Copy URL

Twitter E-mail

General

Target

3d1f329005610e78cfbf4bb488367aa9eed6b83ff01e0ee073813a5fc57003db
Size

2.7MB
MD5

f8f2ca60f579288212f3f8ea657c893c
SHA1

8ca38873d2fe51866b2d7d54d10fcb796bfbf3bc
SHA256

3d1f329005610e78cfbf4bb488367aa9eed6b83ff01e0ee073813a5fc57003db
SHA512

8ddcfda8976ef49f707409ebc274f074d2b5ebb357208819fcdbfa55aa8741f74ac6f2572e2df71fde632363668b2409769c9e40a6d456548879e4ad7f7f0fdc
SSDEEP

49152:SSkbPhNQORIdkTmYkrs1pH9D88XA1UD4YkSjeXHpeAi6oe+8qe:SSkd2ORIdwZB1t9D8WAeDNFjZ6

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

3d1f329005610e78cfbf4bb488367aa9eed6b83ff01e0ee073813a5fc57003db
.exe windows x86

cb38baa3fb76d6f040bedd338c0559e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamClose

ws2_32

setsockopt

rasapi32

RasHangUpA

kernel32

Sleep
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

RegisterClassA

gdi32

GetTextExtentPoint32A

winspool.drv

OpenPrinterA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

LoadTypeLi

comctl32

ord17

wininet

InternetOpenA

comdlg32

GetOpenFileNameA

Exports

Exports

1��?!`��HM�Z��(��Ap��;��w��&�\�Yo� �� u��M�c��3V�i�� 2Ft5�.�D�n�d�F�F��x�kAK�!��0kW�=n�V�s��4��X+��?ۖ��Y�Uh:�d�vPc�f>��)�?�be=ȑ��rQk��\�_�ܰ��1��g��/�H8�g��?ui�4��Uo!��ߑ��85�~��/��e��x/$��7�te�b�+I\ ��cYV��؍�.�^�l��'lK�Lg��i�m�k?ۗ��K��j5J9� � ��7+�ߣZ��Գ��3�7�?O�mK�5L��RX�1��gV��yg9!�?�#��;��ğo�뛞q��Vt�Zסl��S��+3��~��]5C��b��O�oL��S�T1ig��3YB��ӿ��8�9P��*6Â��a��9=�G6��5)��Ò�:.#|\��+'�7��A�&>K�8��Ω(��o��7�q��f� J��d{�s�.�}��,�*��(��7�O�Z��gDX��=z�} X΁>� �[3��=��?��޵7c|F�ߊH��m]�j�� {_�g��r��!��A��X"3c�'bܘ֐N)A��oÁݡ-o6��_�f�|{D��om6ץ{j� v)xh��8N%c3`�8c��O�k��J��v u&ev�JҚ� ��j�ڎ�P��K&3�@@|��g-��Z�{ Ʃ�ÿ�Ɓ��t��"�@٣�;:�ڸ"��j>��4@ߵ]�� 4��/��,��B/M3\?RG��a�>�I��x -d��؂p��sޢ�M"U=q��Z��Ax�`T8$_�c^�!��q�&��z�r�Z�VT��I[�}R�wNz�К�Ǯ�YCr��B�@��O��O��Ɍg��bs`n2��i{ԶM��<C��4u{�]��c�w��FRԅ�猋e.�� x�.�\<�!:��Ǹ�A" q��E^�^��!�O�l��a�)9�5O��Ij�L�tů��m� t��)U��]}��MUt"l[��3#8vC�}Ƌ8闷��-.|4��y?�',+T,8ĉ �Z|��[��}~/�yj*uv#u5��x,��S�=M�~�3`��6[�ਐh�C�H߰!ᢣO�0H�^B�2��o�� 5uo�R��1��d��u��j0��SA��&֬Z��T�TQ��*�ֶ�d�FmS� ;r��26�^�FUX6�G�׹"_��F��B��!�#�[��m�F�\Ү�wy�NO�;-�<�$EO��Z�a�Zq��!��")�i�9�^a�_�9D�Fl8��s�;�U{��"8zl*R��p�1dp�Ww;��H��Y#ꟿc3P@��VD!Ь�D��3M��+��A��?�H�o��D3ͯ6^c�-��sN˝�7�6�Z��}�Zq��yY�2{4m�58�/��&ѷ�Mռ'��Q��Y�,��C$W/��J��.�)j`w��/��T��q�,�ISO��,&�f@V�:�P��tPNZQf�";bz4V��W؃Q�(�O;�w`̉ta��B��?�ͅ��B4e= ��[�䓤��"��ۖ��:M�joĤ�Lp8��U :O��+.�b��y�<l�X,Hubo��־��|�L�DN{��'!�` ��f��!q�Z/��Fk�}�~D*$��t��q*6P�ΎS-7Ɋ;�=��DH� �"��4.�a|v%��e�T.ɕ��RD~��0��3pE��#o��pYE�q�b[��}{�l��>�;��R(@�^�p��p��#6��9U�-Ǝ��ύ ��"��X�e�?��-�Ad�,/�+�u(T�>1$��<�Λ�,��b�QRqDG}-��k�� Шl��P�2h��?�T��uhCϠ��%��8+�Q�+d��z�N�T��ƙ�cs.�"W��0��]j�.��D�.�[ܶ�pl�w5BI{S�} <0��d��ܱU��p��\}�b-7]�,�Jnn}L��3�� =�ɍ��rH*M�Q�F��~��d�:!`8��䌙h�q��sn�rr��,6�� P��N俣�F�X��3{�� /.o�)��Q� ��nȁ® J�0$�nۜy�w��L��=�T��(J�H��-��42�3��Λf`VE3�05��)'��j��I��O��݈>S�ʴ��Aq��F��,�w�5ݑm��ڙ��Lhk��x�Y�,��{,ȫ^o%�hO��r��ΤW}��q/¢��!I��-�=�U�j�AI��9H=��Wⵁ�^�� +��X0b��j<�ƠA�BL��z)AcD�zr[aFkRn=��e�\uh�q��$�h�J�X��/��.�7�~Qb�$�c'�@i3)��2 ,�.أ��$�*��e��2d�?�d�b��3��;�ᔆ�ژ�r-*��Hm��?OHXL�W֕��70��A屯�i�%w�vƪ�6��/��1��ݡU�):��!�VU��l��]׾��b��/n��#"y��|0)��)nN��W}Ov�3�a}��7�(tP�� P �8��:.��0�V��$b7��N��t}@b�j�b(|~�7�9d��/�G�Cɽ�oĐe�b�H��i�ҋ >Ow��6�X��هa�i�7��)�Ni�O��q�7�s4+4H�\��/��V �u��{Ip.��0�9�D��n�k%i��r8]��G��B�~K'�U_�i��}L�� H �թfm@��H�B� ��

Sections

.text
Size: - Virtual size: 585KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cb38baa3fb76d6f040bedd338c0559e9

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 585KB

.rdata Size: - Virtual size: 1.9MB

.data Size: - Virtual size: 281KB

.rsrc Size: 104KB - Virtual size: 117KB

.vmp0 Size: - Virtual size: 337KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 2.6MB - Virtual size: 2.6MB

.text
Size: - Virtual size: 585KB

.rdata
Size: - Virtual size: 1.9MB

.data
Size: - Virtual size: 281KB

.rsrc
Size: 104KB - Virtual size: 117KB

.vmp0
Size: - Virtual size: 337KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 2.6MB - Virtual size: 2.6MB