fefec93e5ab85550519d3c60c78162e278ba70614e078e4ae8d6dc832f89c659

Sharing

Copy URL Twitter E-mail

General

Target

fefec93e5ab85550519d3c60c78162e278ba70614e078e4ae8d6dc832f89c659
Size

2.6MB
MD5

bf42f577587b3dcd89755f0e3d510271
SHA1

933b5e792edf705985144c13b292f2454af8e42e
SHA256

fefec93e5ab85550519d3c60c78162e278ba70614e078e4ae8d6dc832f89c659
SHA512

32bc142a4bcef1fb82b26f7695e554bca7363df9de8cd02a52e78700071c2010f2dff003172d1cdc1c53331a716b18aa4d6dc348190383af506d29751223d2ad
SSDEEP

49152:gH8EP/sxRkt+FIHgqWvrYmPyKFUqfXDaIuTiyJ72Pll:O8EPWWgFIHErYXKFUqf23S

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

fefec93e5ab85550519d3c60c78162e278ba70614e078e4ae8d6dc832f89c659
.exe windows x86

80b220c0ab916fbbb04a553af13edebe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

recvfrom

rasapi32

RasHangUpA

kernel32

ReadFile
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

CharNextA
MessageBoxA

gdi32

ExtSelectClipRgn

msimg32

GradientFill

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

Shell_NotifyIconA

ole32

CreateILockBytesOnHGlobal

oleaut32

VariantCopy

comctl32

ImageList_GetIcon

oledlg

ord8

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 952KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80b220c0ab916fbbb04a553af13edebe

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 952KB

.rdata Size: - Virtual size: 2.0MB

.data Size: - Virtual size: 364KB

.rsrc Size: 24KB - Virtual size: 41KB

.vmp0 Size: - Virtual size: 181KB

.vmp1 Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 4KB - Virtual size: 120B

.text
Size: - Virtual size: 952KB

.rdata
Size: - Virtual size: 2.0MB

.data
Size: - Virtual size: 364KB

.rsrc
Size: 24KB - Virtual size: 41KB

.vmp0
Size: - Virtual size: 181KB

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 4KB - Virtual size: 120B