932d594dadb9040a5906a9ec926cde8dd38fdcaf14e77003e218bf95f81dc561

Sharing

Copy URL Twitter E-mail

General

Target

932d594dadb9040a5906a9ec926cde8dd38fdcaf14e77003e218bf95f81dc561
Size

468KB
MD5

76f57c475f842e69b827f50ec0ed2390
SHA1

e6ff5c12f478ae921029109ba74c2733bae7002f
SHA256

932d594dadb9040a5906a9ec926cde8dd38fdcaf14e77003e218bf95f81dc561
SHA512

9403076a6315b3829143d77b0bd0cfab1a0671daec766342b8ee11bf40f00ec41d7d884af96036d69112f80cdb737f646f1bce402ee6323ee2e3257f72f3949d
SSDEEP

12288:lmLNjr+Jk3j4mXUUs4EuH7JG5HtFDxygmxaNE:l2r+u0IUUs4Hg5NpxygmxaC

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

932d594dadb9040a5906a9ec926cde8dd38fdcaf14e77003e218bf95f81dc561
.dll windows x86

1c640446172d3c0281ed4c63f5a1c25d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
GetModuleHandleA
GetProcAddress
VirtualProtect

msvcp80

?uncaught_exception@std@@YA_NXZ

msvcr80

?what@exception@std@@UBEPBDXZ

ws2_32

WSAAsyncSelect

ole32

CoCreateInstance

user32

SetTimer

advapi32

OpenProcessToken

psapi

GetModuleFileNameExA

Exports

Exports

scanCook
scanbegin

Sections

.text
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 456KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c640446172d3c0281ed4c63f5a1c25d

Headers

File Characteristics

Imports

kernel32

msvcp80

msvcr80

ws2_32

ole32

user32

advapi32

psapi

Exports

Exports

Sections

.text Size: - Virtual size: 540KB

.rdata Size: - Virtual size: 374KB

.data Size: - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 428B

.vmp0 Size: - Virtual size: 40KB

.vmp1 Size: - Virtual size: 37KB

.vmp2 Size: 456KB - Virtual size: 453KB

.reloc Size: 4KB - Virtual size: 176B

.text
Size: - Virtual size: 540KB

.rdata
Size: - Virtual size: 374KB

.data
Size: - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 428B

.vmp0
Size: - Virtual size: 40KB

.vmp1
Size: - Virtual size: 37KB

.vmp2
Size: 456KB - Virtual size: 453KB

.reloc
Size: 4KB - Virtual size: 176B