005027dea9b3a45350643f675a0ee3a36bb09b74f2870e09966f8dabf72db535

Sharing

Copy URL Twitter E-mail

General

Target

005027dea9b3a45350643f675a0ee3a36bb09b74f2870e09966f8dabf72db535
Size

1.6MB
MD5

9a4d7b8107657d74ec0a4b199058f36f
SHA1

ef75e77bbef5bed696d777e53b8f41a3b1cd7f47
SHA256

005027dea9b3a45350643f675a0ee3a36bb09b74f2870e09966f8dabf72db535
SHA512

9bdc45f3aaff5113666b1828aa95eca9976b63c0a2c2678616df49da49f509d5793921b0070651177c0f083c207f5d2268f7202384d58c5b88e104614762a296
SSDEEP

24576:KNqr3cPDI1INJPKw2yB4nJsklkR/lBgvd1CHoDNvY8URYUe5IAKfCz1oTiFrkb/Z:A+cLOIzfVPEk1lBUkygw5dK+1oW0a2

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

005027dea9b3a45350643f675a0ee3a36bb09b74f2870e09966f8dabf72db535
.exe windows x86

302ff323f8586095a3a600f845bec220

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

winmm

mixerGetLineInfoA

ws2_32

WSAAsyncSelect

kernel32

GetProfileStringA
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

GetMenuItemCount
MessageBoxA

gdi32

ExtSelectClipRgn

msimg32

GradientFill

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CreateILockBytesOnHGlobal

oleaut32

SafeArrayUnaccessData

comctl32

ImageList_GetIcon

oledlg

ord8

wininet

InternetOpenA

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 951KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

302ff323f8586095a3a600f845bec220

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 951KB

.rdata Size: - Virtual size: 2.0MB

.data Size: - Virtual size: 419KB

.rsrc Size: 16KB - Virtual size: 34KB

.vmp0 Size: - Virtual size: 201KB

.vmp1 Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 4KB - Virtual size: 208B

.text
Size: - Virtual size: 951KB

.rdata
Size: - Virtual size: 2.0MB

.data
Size: - Virtual size: 419KB

.rsrc
Size: 16KB - Virtual size: 34KB

.vmp0
Size: - Virtual size: 201KB

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 4KB - Virtual size: 208B