6356620b2e7dc8472c559c1b98bca40c4a4f384e688f7a66ced03b9cf30eb635

Sharing

Copy URL Twitter E-mail

General

Target

6356620b2e7dc8472c559c1b98bca40c4a4f384e688f7a66ced03b9cf30eb635
Size

1.3MB
MD5

cc719d8997108a684f8b2ba04127a158
SHA1

f2d000d6dea738b4d985de49f404ed2b55284e06
SHA256

6356620b2e7dc8472c559c1b98bca40c4a4f384e688f7a66ced03b9cf30eb635
SHA512

02a8ff8738ce755669a7bbe98d90a5eac3441cb4a11a38e7299e13077d8ed988b14e1428328ce861e2947ac33dd12af5ba52ab0abde68309357b6b6d3a3fc71e
SSDEEP

24576:vGoxE8mdhhNgBjq/L5bimvguSYdf4ulCKBJRROKQ4CFJXjhj+vp4G2III1IIaS:vsh7gQfvh9O6C7Xtmp45III1IIaS

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

6356620b2e7dc8472c559c1b98bca40c4a4f384e688f7a66ced03b9cf30eb635
.exe windows x86

cd1617685ca3376a5635a267fd83f2ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutPause

ws2_32

WSACleanup

rasapi32

RasGetConnectStatusA

kernel32

LocalReAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetMenuItemID

gdi32

StartPage

msimg32

GradientFill

winspool.drv

OpenPrinterA

advapi32

RegDeleteKeyA

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

LoadTypeLi

comctl32

ImageList_Destroy

wininet

HttpQueryInfoA

comdlg32

GetOpenFileNameA

Sections

.text
Size: - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 599KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 829KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd1617685ca3376a5635a267fd83f2ec

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 520KB

.rdata Size: - Virtual size: 599KB

.data Size: - Virtual size: 293KB

.vmp0 Size: - Virtual size: 829KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 132KB - Virtual size: 128KB

.text
Size: - Virtual size: 520KB

.rdata
Size: - Virtual size: 599KB

.data
Size: - Virtual size: 293KB

.vmp0
Size: - Virtual size: 829KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 132KB - Virtual size: 128KB