a2065a9fa8755039ccd980da233da1781799058aced4ea378430c0456f54c946

Sharing

Copy URL Twitter E-mail

General

Target

a2065a9fa8755039ccd980da233da1781799058aced4ea378430c0456f54c946
Size

111KB
MD5

ea620d77827bb48ae913d5119cc79dcd
SHA1

29fb5203b8c35fa8ce1b9e936576d82f563691e3
SHA256

a2065a9fa8755039ccd980da233da1781799058aced4ea378430c0456f54c946
SHA512

e50dfba2dc627cc0354c727337a0af4e1a4333a9dfd02194300d49c599527885f20acf20e2d631a3188fcad0f8466a6913a012e83d0a95e25f6fa51082d85deb
SSDEEP

3072:CtlPYSc9ZCxgExbT+Mu8VZDMHWaC+58mKwzS/17Y9f10y:EP+CGMuMu7H+5A0y

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

a2065a9fa8755039ccd980da233da1781799058aced4ea378430c0456f54c946
.exe windows x86

868bf7ce1327514b08b8152a10c6b424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strcspn
atoi
srand
strchr
strtoul
strncpy
memset
rand
strstr

kernel32

CloseHandle
WriteFile
lstrlenA
CreateFileA
lstrcatA
GetTickCount
GetTempPathA
GetModuleFileNameA
LoadLibraryA
InterlockedDecrement
InterlockedExchange
Sleep
LocalFree
LocalAlloc
GetCurrentThreadId
CreateProcessA
SetErrorMode
CreateThread
CopyFileA
TerminateProcess
DisconnectNamedPipe
ReadFile
ConnectNamedPipe
GetProcAddress
SetFilePointer
GetWindowsDirectoryA
DeleteFileA
ExitProcess
InterlockedIncrement
CreateNamedPipeA
VirtualProtect
ExitProcess

user32

wsprintfA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
CreateServiceA
StartServiceA
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

sendto
WSASocketA
htonl
WSAIoctl
recv
__WSAFDIsSet
select
WSAStartup
setsockopt
closesocket
connect
htons
socket
send
gethostbyname
inet_addr

Exports

Exports

ServiceMain

Sections

.text
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 786B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

868bf7ce1327514b08b8152a10c6b424

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 7KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 184B

.rsrc Size: 512B - Virtual size: 436B

.vmp0 Size: - Virtual size: 786B

.vmp1 Size: - Virtual size: 76KB

.vmp2 Size: 109KB - Virtual size: 108KB

.reloc Size: 512B - Virtual size: 116B

.text
Size: - Virtual size: 7KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 184B

.rsrc
Size: 512B - Virtual size: 436B

.vmp0
Size: - Virtual size: 786B

.vmp1
Size: - Virtual size: 76KB

.vmp2
Size: 109KB - Virtual size: 108KB

.reloc
Size: 512B - Virtual size: 116B