5c2c2a97824728a54c21bc87ceb99fe33ce0990e7f0d9774f68beb6d4175678b

Sharing

Copy URL Twitter E-mail

General

Target

5c2c2a97824728a54c21bc87ceb99fe33ce0990e7f0d9774f68beb6d4175678b
Size

3.9MB
MD5

185cbdcf5076c985174145898ecc6264
SHA1

ab03262c249f09e8a843e19a6d8204c47e54d6f0
SHA256

5c2c2a97824728a54c21bc87ceb99fe33ce0990e7f0d9774f68beb6d4175678b
SHA512

b0b201a2a70359ca986b67b0d633dd3aa8652da2caa58677137320a7849ccdb18d343e56670aa76e4c55042ee727ed80b99c132a6875092a2be2b742bdd6aea6
SSDEEP

98304:Jm/NWn6PK//kW0EEuzi2r6MgPMjtYpyUS8QCgD1c:JkW6PKHvvEwii7mEtNEEc

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

5c2c2a97824728a54c21bc87ceb99fe33ce0990e7f0d9774f68beb6d4175678b
.exe windows x86

80bfd77c50a2eab1fe1d4bd895edf6e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetViewportExtEx

gdiplus

GdiplusStartup

user32

SendMessageA

kernel32

GetVersion
GetVersionExA
GetVersionExA
GetVersion
GetSystemTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ole32

CreateStreamOnHGlobal

imm32

ImmReleaseContext

shell32

ShellExecuteA

shlwapi

PathFileExistsA

winmm

waveOutReset

ws2_32

getpeername

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

rasapi32

RasHangUpA

winspool.drv

ClosePrinter

comdlg32

GetFileTitleA

advapi32

RegCreateKeyExA

oleaut32

UnRegisterTypeLi

comctl32

ord17

wininet

InternetCanonicalizeUrlA

Sections

.text
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80bfd77c50a2eab1fe1d4bd895edf6e2

Headers

File Characteristics

Imports

gdi32

gdiplus

user32

kernel32

ole32

imm32

shell32

shlwapi

winmm

ws2_32

msvfw32

avifil32

rasapi32

winspool.drv

comdlg32

advapi32

oleaut32

comctl32

wininet

Sections

.text Size: - Virtual size: 3.0MB

.rdata Size: - Virtual size: 1.2MB

.data Size: - Virtual size: 704KB

.vmp0 Size: - Virtual size: 2.2MB

.vmp1 Size: 3.8MB - Virtual size: 3.8MB

.rsrc Size: 72KB - Virtual size: 68KB

.text
Size: - Virtual size: 3.0MB

.rdata
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 704KB

.vmp0
Size: - Virtual size: 2.2MB

.vmp1
Size: 3.8MB - Virtual size: 3.8MB

.rsrc
Size: 72KB - Virtual size: 68KB