d08166db2bfb2665d54e8f879d1f1e4ee065829fb8d5dfb800be09f98e26c642

Sharing

Copy URL Twitter E-mail

General

Target

d08166db2bfb2665d54e8f879d1f1e4ee065829fb8d5dfb800be09f98e26c642
Size

1.2MB
MD5

4c0a36a634d680ca144413a0de9269df
SHA1

9f325352be4af865a7691c6e504dc8f550145bc4
SHA256

d08166db2bfb2665d54e8f879d1f1e4ee065829fb8d5dfb800be09f98e26c642
SHA512

78f338dd4fc928689c8b78ef7c9587b4872bbf9f710e610bbf82094dcecf71a453e8df5bda26c8df814dd2d0cbfdc2bb8980bcc8e2facb95106460deabb0784e
SSDEEP

24576:x9OzvYgfXLeMn+ilzPCo9gb420fjhcNDWHOsY8PVuTaR0Eo7RgFQIEqV:bCv9fXLzrlO1bD0yNDW7xQaR0TtZIEqV

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

d08166db2bfb2665d54e8f879d1f1e4ee065829fb8d5dfb800be09f98e26c642
.exe windows x86

9e1930250d87e2a4b7c2d22f3160be07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

GetForegroundWindow
MessageBoxA

gdi32

GetTextMetricsA

winmm

midiOutReset

winspool.drv

ClosePrinter

advapi32

RegSetValueExA

shell32

ShellExecuteA

ole32

CLSIDFromString

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

inet_ntoa

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 856KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e1930250d87e2a4b7c2d22f3160be07

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 451KB

.rdata Size: - Virtual size: 856KB

.data Size: - Virtual size: 194KB

.rsrc Size: 12KB - Virtual size: 69KB

.vmp0 Size: - Virtual size: 127KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 188B

.text
Size: - Virtual size: 451KB

.rdata
Size: - Virtual size: 856KB

.data
Size: - Virtual size: 194KB

.rsrc
Size: 12KB - Virtual size: 69KB

.vmp0
Size: - Virtual size: 127KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 188B