a6555f4a49100ba6edb19c789679767a1e5b548be544da29d48beb3ff8666e01

Sharing

Copy URL Twitter E-mail

General

Target

a6555f4a49100ba6edb19c789679767a1e5b548be544da29d48beb3ff8666e01
Size

134KB
MD5

3e567f2166dcdad1e4e8ceaa97d84303
SHA1

abd46d3562196bf2f42057194fbe3761cb3c2eba
SHA256

a6555f4a49100ba6edb19c789679767a1e5b548be544da29d48beb3ff8666e01
SHA512

9cad08c08c0fc3cc59ba8c887cecfebf818c491dfcaf2d3695fa125fa1f90d2ac27aa6659ef79b53f461a521a5fbf7d764fb989599d0d64c1fe03b14b0e27210
SSDEEP

3072:4JJkzrCY18YjsK/kisYEdZ41VY1UN8StuTTSULwNt:Cufn8YjsK/psYy4US8StuTTSULEt

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

a6555f4a49100ba6edb19c789679767a1e5b548be544da29d48beb3ff8666e01
.exe windows x86

ba6c7cf06c7ad55ce8ad0fe99bcf6049

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
ExitProcess
GetModuleFileNameA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
MessageBoxA

shell32

ShellExecuteA

ws2_32

send

Exports

Exports

��7)�u@򾏴θ��5��`�DZ�kV��Y7F�"�6�_��|^��Y��s�J��@��%Ҍ��F��e�K��FI{��͂Q��x�ڼ��,�Dՙ�nj�>��`�M�U��M��LP�k��p�ݝ>![��2�7͆M@ԱT��C25"�6�F�#�{}�T��k�W?�?y+e�PZ�bX%��>N��`b�4�M��dK��-:�c�&Kh��z�&aa�He DLP��(�pzR �KE+�l787y��s�A�>[-�΅��J%�6��4�q��6(��Ŵ�YnN|7J8nY�CZ�!s�+�uy�*�J}�Ts��$IhC)�$��)|b|9��t>#��D�üa��|<ݟ�d��M�'Yl�ث�(iw�[�Qr�KqF�@�9�� O;��<7,[�K��cv��o��G5t"K���.=��K!��Z��!=qJ� m⒑]�@̀�4��?��j��G�.��#��[K��"㦶ޡ3�C�q1y8��|��Q+�ni�".-�)��]Ρi�k��q΢�g��Ҡ�I,F��T��>귷F�_��Ĉ��zgoDz�ٴ�t��:��*��:Ֆ��t�L")O�$*�Ĩ�;Z�zir��c��ʥx�/��m��b��*��8[lJ��r_ooU��&c��1;��"z�m4��6�0G �5!�z��U>�]*\Q�K��j`��G�"�<UW!ܰ��!�0j��h㖺�i�kj}_��\a.xu�B�!� OS�^)6��y M�uFu9V(vڥ�FH��Q3ˋ凂'm.�ښ0��|��m��x�y��p=��'k�u!F~�/�9�J�lF��*x,��ڐv��?)=�L݅��aE:��^��5��]&+j�`D�=M��>�#�Iv��h�ߨ'�i��a$�Oi��+�h��p��O0�n�3� �.��٢�Jj �8�﨔�O�� !fG��n�1�g�eb��?e�>1��j�$�e=~f>ٷ��Hk F�iLe�@�,��X6VMt�7��1 #�sx�鐐�W��A��>�A&J��w]��s�k�pn�Q~s��ɿu$\��f�9��DﻫmN�ʙ�E�Y�n��[��0l�ՔE~�Hׄ��V�_Q��k!��:a��U*fx�>��Hv�x�'��P"�1Q�Z0��ñ��#*��V�D4��^�B�b�V*�� pZ�O_)��2�DLrhQ��䪵�t�+��2�{�v�ۮ-6�d辴�]^~K�3�*V)��ζ�%;,��ty��lǠe �K�:��h��^i��5g�S=��0��%��K9��c�g�L��l�Rǽb��?w��q�-��pZ ��b(i��>�!�+��E��,vC��vk��#�Eya~�d9Ox�J�[��E@�u��<~� ��5�n^��N�kTV�J��1�V㾻��&��M /��Q I�x��)�$F��կ��n#��|��`�]��W��*n�,�Tm��v��aܘ�k��ⲹ��o *�� ǫ8T�Di��egw��^z��RKO䆉A��Y��,f�c�q�,'�V��8�8`��-MAN�2�,��`�m��*>�N=��# �z�� 9l�2��@��Ӏ��D��SR DJec`H�E�*\� �l��j�H��!h;��p��*U��K��M��]�I�� ̶r8f�(h:��l��lv*�5V��}��-w��,9��R� ��'oԃ~�m��:U�@6�A��_��$��Gu?ґ=�wG�?��G�7�t�n� �-I�6�(�R;�L�m� ��XCoP�r!�E��\V�DY��E9�;�ʹg\��f��:�L��Qj�L��A��ܻ,!L�e�񸰾|�Dҟ��"0��(�3<�I�.b`k9J��F��G[k�h�c9��?Ŧ�|:��1lȏw�s�V�EG�?T��o�#�.M�cG��/��02�mn�.� �|2�8s^�5^�6�@�I��s7&��Aq�O0P�>�5]��svtg��Ѱ1&�� HVb��G��֍��v��9��ȩL�ߘ2�ΰ��N3�0.6��ח��𺉗��g<�IM��GC�ӣ*�[�R�X�SFs��R:�W Lq��]y��D�l\O�K>��u�� ]�U;�;8 �v�5��㱾~�3K!�-|�|��L '��݀��7Q��j�� =+F8%��$Cn\��y#�:ј� ڕ�fŦ��|�&�;\m��l�(ܘO�[S��E��`(-��R[n��Q�(�c��%q�#޷��_�*%��1u�Q-�e|��j��d-%2��i�4A"�na��%<{��:Z885�G�*uY��t�8��Ĵ��MZr��n+)*sf�a^Ӷ��:�Ș!P�%㾫��!hUjp�n��O*�I�ui~��܃ O�@��e��n��R5u��+c��$Fh�U�{�=��g�T��"��j�k�o 7�a�>#�7oh��Υ/z�D�ax�#�\2!�+�B��BP/��Tm��)�QA)ۼ�UO�bF�h�M�Y��|�m�9��F�߿��T�J��C��d��k�}�,nl+ ��U��7 �3B):�@��K-�jOK�o�IZ��=H�!�ʰx��7=̚��>o�1mZ�&��>�0��Â�=0��_{W~s�nIF�>�jRj<5An��#�,n��-�g^��KGc�+�tI|a��i!��؜r�񁜵\�a�eO�ԣ��$��d��،�/Skz��%�=��Q��9�/b�2��a�|F�F��'��`��L��?�

Sections

.data
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.��
Size: 301B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba6c7cf06c7ad55ce8ad0fe99bcf6049

Headers

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

Exports

Exports

Sections

.data Size: - Virtual size: 120KB

.pdata Size: 43KB - Virtual size: 43KB

.ex_cod Size: 4KB - Virtual size: 4KB

.ex_rsc Size: 5KB - Virtual size: 5KB

.�� Size: 301B - Virtual size: 4KB

.vmp0 Size: 34KB - Virtual size: 33KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 32KB - Virtual size: 32KB

.reloc Size: 512B - Virtual size: 280B

.data
Size: - Virtual size: 120KB

.pdata
Size: 43KB - Virtual size: 43KB

.ex_cod
Size: 4KB - Virtual size: 4KB

.ex_rsc
Size: 5KB - Virtual size: 5KB

.��
Size: 301B - Virtual size: 4KB

.vmp0
Size: 34KB - Virtual size: 33KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 32KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 280B