ef9615b42726fabe9d7f8b716c0259ea271e97e7c44914b7cba51af1675f38fe

Sharing

Copy URL

Twitter E-mail

General

Target

ef9615b42726fabe9d7f8b716c0259ea271e97e7c44914b7cba51af1675f38fe
Size

1.3MB
MD5

d7dec9e99b2de075fa03759fbb2288f3
SHA1

86e8e0b1b8fad39d6998a895e8ee77ff5655b19e
SHA256

ef9615b42726fabe9d7f8b716c0259ea271e97e7c44914b7cba51af1675f38fe
SHA512

fc82c7c939bdf70ee03a61bee269db60c46d27655c62dcd9afcad7bbc42b4e60dad77e973d39c58517c08b6f3f2dc4a2eb2e84ef31845e88cd379d0cf371e135
SSDEEP

24576:rBrby+zX2zUTEMPPu68jxsAu9FgsGHl6iWfmg84a5CzltvIpABN5kP6R:rBrbXzXSAEMnPcmfgdg+g8twvBNK

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

ef9615b42726fabe9d7f8b716c0259ea271e97e7c44914b7cba51af1675f38fe
.exe windows x86

f0f20cdca576fa2177582c23bcde33f6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

winmm

midiOutReset

ws2_32

inet_ntoa

kernel32

lstrcmpiA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowPlacement

gdi32

PtVisible

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyA

shell32

Shell_NotifyIconA

ole32

CoRegisterMessageFilter

oleaut32

SysStringLen

comctl32

ord17

oledlg

ord8

wininet

InternetCloseHandle

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f0f20cdca576fa2177582c23bcde33f6

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 523KB

.rdata Size: - Virtual size: 1.4MB

.data Size: - Virtual size: 224KB

.rsrc Size: 88KB - Virtual size: 101KB

.vmp0 Size: - Virtual size: 385KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.text
Size: - Virtual size: 523KB

.rdata
Size: - Virtual size: 1.4MB

.data
Size: - Virtual size: 224KB

.rsrc
Size: 88KB - Virtual size: 101KB

.vmp0
Size: - Virtual size: 385KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB