c86a209c39f484a3189004056e9427e7deb8d3b069ea478ac88071e80593e73f

Sharing

Copy URL Twitter E-mail

General

Target

c86a209c39f484a3189004056e9427e7deb8d3b069ea478ac88071e80593e73f
Size

206KB
MD5

746c021d7f0463cb9d1cd7c8d3207ed0
SHA1

c10e04fe38287bd88b60590a9b26be938d202893
SHA256

c86a209c39f484a3189004056e9427e7deb8d3b069ea478ac88071e80593e73f
SHA512

eb25e4a02badcd5d31036523f2906a7d31a79da5f72f81b174692b12aa2865666d048ad286a0de406cf85a5a618adcb71ba282a199aa019f64013bf70484867d
SSDEEP

6144:BHgNna0w6TZ5gCyCz2oJruZe4s+YxEheSbBu1:Rka0w6v3ypSrWe4sfxEsm

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

c86a209c39f484a3189004056e9427e7deb8d3b069ea478ac88071e80593e73f
.exe windows x86

00b8aade5495620b5f2101ada9d65acc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleFileNameA
GetStartupInfoA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

msvcrt

__CxxFrameHandler
_exit
_XcptFilter
exit
memset
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln

user32

MessageBoxA

Exports

Exports

�_O�'Ĉu�7�Qh�!K��_�`x��nͦO �>��s�^�x)��_$ ��Z'�?.�.%/��jO�&R3l�4s��W��a��qλ%��2�� |��u6i^�hq��C�؛|��%�MF8�Fv��b�r��[aY��{��T:~;Ǥs�P�v� �iwUqZJL�)u�]�a��]ߨ�A��чrK��*;x�0�G��գO8��a��E�"'%1h �&tF��ZH[�3��+ iт�I��7)�W��=J1S��9�ѡP��M�*� �A�y�X"�I�.�%�� )��+X+g:n3{�Q�˩��w"��O��Oj�m��!��L!e8�R��a��4G�)� ��5;)��v�+:�a�u�� z�[[\6*��8�c�3ϣ�ĵ%- k,n�CB\��Ky��^��U��X�M��DVnmB��w��O�kM��J��>T��}B� � ��y��{��$�R5�EaU5�04�F��#e�7��lّ LQ]�a&`��2z��>��⤗;��LGd��Zs{^�2^~��kݭ��Ք��4fZC�*QK �?��s��E�9^�\��U^{�kaqU_� U{��7I�7��f�Ӵ�.S��i��0��$��>�8��m��'ie��W�q!�BmfGE�j1v�-V�C��Z��ѡ�z�� L��C��(=�D̗�ř��;~{�ʣ{۩,�-˄H�d�J;��>lB=B��{q�&�Ky� ]ߚ��J��՗]�SMDMԦ�.�P��R��n��^��`^��{�{O�.� \$Ȑ� �7��陴#�d��7P^��r�P|/�F��i�H̹�Fi��ʺą��p��CdQ� �<��?��1��G.C/ �ڿ�a��a �<s��B�/ &S W��p�d�w��(e��g��s�ߊ�_"�Rj��d�GSx��ߜ��@%,��( ��}V�̙�"�� #��xϓB��W��O�tP�7��mn'Lm��G5V��͓s3D��[��L�F��}��[��t]�<$L�&�2�] �S/�;�M~��t�b1�s bJ�`�x��j#�� v/6�E�w�P�<z��P�nC�/�88�qj��<~(��$�8�X�Nj��g�[G��t�� =��X�� 1��l�}h�8s��C��b�5��1��)m��W�q}y��5� ��a� ��O��|$�w%�}�xS'�%��N, �М��²@��5w� ��Ȁ��[7a?��J��jì�E�ku�݊�ӫ �S�\ӫ�Ǥ�v<��TM�~&�~��瑴��"��c)#��,�X�g�uR��H�Tԟ��u茡d�C $U��\!)�?�;m ��3�>�Mp��]9 ��?�Lmؚ��C��.b��_�Q��^F<��?�&p+�� >!�w2��c��[��7��뮗H�hp&��+��E$�N��9�W��nX�͝~a$��W_�w��m�Rm�?#>�q�� d��R(� ��HV#�n��3��brN��o ՗vM�)_;�FB��8.�ߏY�m��]��钿��l�u*V��ycy��8ܪ�P ��.��Da��,� �F{޹�S��/Uu��tЏ��f��T{��ҳ�n��R�[��Թ_��\�L�g� ҧ/7U>,Jtd�qc6��@q��[�Q��{�t�v;�A��I��m4��X��]uZ�T��K��'��_��7�-:!e�3z��<�6�*�]1-�79f��g��+o��SP�.� ��:��x(��z�/��4`V�U<M��:�F��L+"-ϩ��L�~��@�zX�qV�5�&�t7��?��^ʰ��E|�+\��omq��=�4��C�:(B4��A�q�� =�ى��ymd�w�gko-Uu��cyY: �`'6�,ƅ}�RSCl��p\"o[��)�� o+� ��4�!V��K>'{�m�=�WZUAr�$)s3F�RrT��W[�%Zæa��d��x�p:"p��o+�� -U? ~�p��B(U�񟒥��y) ��&52��广,A1��eGSe⪰ [x�Wn6Z�s�}I6z Ol/��|\��D֪I&hBhN�ih:�jkF~�~��jc�Ӻxid=>Y��)#�JL��n��+��JV�<X��I�c%��W��j�r�s2u��VX�e,<��6�!�K[��2��z�<��R��Ow@��&>�)8vS��!��6��P�rM��"��ӐY�;�}�?qQ��j�[�Vl��#\��?u�Ʈ#�l��5گ�$ђ`H͒[��&!��C��5��`�f�jB�M�d�k5e++C\�Y�*H8s� �#~�%��-�7��k�k��1 44�w�@��5��|a��4��y��w0��4�;��t�j�2�BU��'��dH�z#�X:ϩ {�� 5�5��wyNH��C "�Y�y>��9Iu�.�a��]��i#��7! ��$��S'X��!�)3�I*��o��l��Gog�>��u�hJA `�x�ugi��х6��AOe��`��S��vF�/%�ų0.��|sˈ��q�^�I�Q�U0��n�Kwn��<��^�$�m�NL�˸�e�c�a@4>�(Y+TAB�R��X֋��I��9��ܵ�<�G�ȍX��(,(w; �v��fg:N~N��7��_#�R�xf�ϱ{��i�{��y�vG�"��EF��Woi*F�Yh/L�;�kk��

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00b8aade5495620b5f2101ada9d65acc

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: - Virtual size: 4KB

.rdata Size: - Virtual size: 754B

.data Size: - Virtual size: 308B

.rsrc Size: 1KB - Virtual size: 133KB

.vmp0 Size: - Virtual size: 15KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 202KB - Virtual size: 202KB

.reloc Size: 512B - Virtual size: 216B

.text
Size: - Virtual size: 4KB

.rdata
Size: - Virtual size: 754B

.data
Size: - Virtual size: 308B

.rsrc
Size: 1KB - Virtual size: 133KB

.vmp0
Size: - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 202KB - Virtual size: 202KB

.reloc
Size: 512B - Virtual size: 216B