dc2953d8d71ef175dba0aa7e340469a2ae5817f5cf7e09dd865ca4c7adbea453

Sharing

Copy URL Twitter E-mail

General

Target

dc2953d8d71ef175dba0aa7e340469a2ae5817f5cf7e09dd865ca4c7adbea453
Size

169KB
MD5

be1fb93cb46f4986af91f951e9cca952
SHA1

5b154a8d201fb03df68bd8bfe8a9ea0eef93b4f1
SHA256

dc2953d8d71ef175dba0aa7e340469a2ae5817f5cf7e09dd865ca4c7adbea453
SHA512

0a78e1788db5ef338c658dd587404de174b46c06ca2c45e09193fd150fc459677be17159e27543b07236826952e44aeebc65a18f833af7c5909459b1efa3c95c
SSDEEP

3072:oSGAv6qhNrGctDRpVrXUAwP8vcmkSvul2E4hdJqBFVC4NmmJg21Zz85Z9yDlXC:nGBKjXpBSP5SCGIZCeJ5nzRDVC

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

dc2953d8d71ef175dba0aa7e340469a2ae5817f5cf7e09dd865ca4c7adbea453
.exe windows x86

3cf09eff0ee9b52b0dba84493f9c0430

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
TlsSetValue
lstrcmpA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType
mouse_event
MessageBoxA

advapi32

RegQueryValueExA
RegSetValueExA
StartServiceA

oleaut32

SysFreeString

gdi32

SetDIBColorTable

wsock32

WSACleanup

shell32

ShellExecuteA
ShellExecuteA

psapi

GetModuleFileNameExA

avicap32

capGetDriverDescriptionA

wininet

InternetReadFile

ntdll

ZwUnmapViewOfSection

Sections

.nsp0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cf09eff0ee9b52b0dba84493f9c0430

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

wsock32

shell32

psapi

avicap32

wininet

ntdll

Sections

.nsp0 Size: - Virtual size: 156KB

.nsp1 Size: - Virtual size: 64KB

.nsp2 Size: 2KB - Virtual size: 1KB

.vmp0 Size: - Virtual size: 108KB

.vmp1 Size: 166KB - Virtual size: 165KB

.reloc Size: 512B - Virtual size: 84B

.nsp0
Size: - Virtual size: 156KB

.nsp1
Size: - Virtual size: 64KB

.nsp2
Size: 2KB - Virtual size: 1KB

.vmp0
Size: - Virtual size: 108KB

.vmp1
Size: 166KB - Virtual size: 165KB

.reloc
Size: 512B - Virtual size: 84B