69743e3959df0f336b9fbd7716460866881cf2ab52a8e4da9785936c4adae982

Sharing

Copy URL

Twitter E-mail

General

Target

69743e3959df0f336b9fbd7716460866881cf2ab52a8e4da9785936c4adae982
Size

1.6MB
MD5

b8b1b658fc530d071373fc9e00088d99
SHA1

48a1b5eb22f32a136586b5f21059c37c05671523
SHA256

69743e3959df0f336b9fbd7716460866881cf2ab52a8e4da9785936c4adae982
SHA512

a95cbe588fd2c1596b6861f8622614bd9c295e8a20b09846cadf5b231226359ccc08e716b9398e2fa2456624527b04a505a8cbc572d0dbd721525ff84fdfa71f
SSDEEP

49152:y1+o9pj+c/KzcTrnh2Aax/t7kQW6xTAX:pspSc/KzcTrnh2Aax/tYlQTA

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

69743e3959df0f336b9fbd7716460866881cf2ab52a8e4da9785936c4adae982
.dll windows x86

d5717180e300dfd5c0050d8913c0b1c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutClose

ws2_32

WSAAsyncSelect

kernel32

LCMapStringA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsWindowVisible

gdi32

RealizePalette

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

DragAcceptFiles

ole32

OleInitialize

oleaut32

LoadTypeLi

comctl32

ImageList_Read

comdlg32

GetOpenFileNameA

Exports

Exports

��DLL�ӿ�

Sections

.text
Size: 668KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 512KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5717180e300dfd5c0050d8913c0b1c0

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: 668KB - Virtual size: 666KB

.rdata Size: 176KB - Virtual size: 173KB

.data Size: 64KB - Virtual size: 241KB

.rsrc Size: 24KB - Virtual size: 22KB

.vmp0 Size: 92KB - Virtual size: 90KB

.vmp1 Size: 512KB - Virtual size: 509KB

.vmp2 Size: 96KB - Virtual size: 95KB

.reloc Size: 48KB - Virtual size: 45KB

.text
Size: 668KB - Virtual size: 666KB

.rdata
Size: 176KB - Virtual size: 173KB

.data
Size: 64KB - Virtual size: 241KB

.rsrc
Size: 24KB - Virtual size: 22KB

.vmp0
Size: 92KB - Virtual size: 90KB

.vmp1
Size: 512KB - Virtual size: 509KB

.vmp2
Size: 96KB - Virtual size: 95KB

.reloc
Size: 48KB - Virtual size: 45KB