81ae811b74543b74cbd58aff76da4e0dda55ac87a92ecd5070fac1e098916717

Sharing

Copy URL Twitter E-mail

General

Target

81ae811b74543b74cbd58aff76da4e0dda55ac87a92ecd5070fac1e098916717
Size

3.1MB
MD5

2d72834374c16f83544b488481d1854f
SHA1

1c463ba5f93b3e3991676679317ca49585504512
SHA256

81ae811b74543b74cbd58aff76da4e0dda55ac87a92ecd5070fac1e098916717
SHA512

4aadab6fb0fb12c5d29de5d582fe3623b7d914b6008482274dd263a4ccaf1d89276606e56c81832351a0d3d5b98e130f5d0141e230159bd090a7440cffff9aae
SSDEEP

98304:1mdhxNTvZEI11nnkBciwHcvKIqTK5GBCHFHcy9VjD1mm3U:1AhjVhn2bjvzNHZcgn1mp

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

81ae811b74543b74cbd58aff76da4e0dda55ac87a92ecd5070fac1e098916717
.exe windows x86

4c9dcbabb7c54154c54331fd5a4571ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DestroyWindow

kernel32

GetVersion
GetVersionExA
GetVersionExA
GetVersion
GetEnvironmentStrings
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

gdi32

OffsetViewportOrgEx

gdiplus

GdipLoadImageFromFile

ole32

CoCreateInstance

imm32

ImmSetCompositionWindow

shell32

Shell_NotifyIconA

shlwapi

PathFileExistsA

winmm

midiStreamOut

ws2_32

send

winspool.drv

OpenPrinterA

advapi32

RegQueryValueA

oleaut32

SafeArrayCreate

comctl32

ImageList_Destroy

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c9dcbabb7c54154c54331fd5a4571ac

Headers

File Characteristics

Imports

user32

kernel32

gdi32

gdiplus

ole32

imm32

shell32

shlwapi

winmm

ws2_32

winspool.drv

advapi32

oleaut32

comctl32

comdlg32

Sections

.text Size: - Virtual size: 3.0MB

.rdata Size: - Virtual size: 447KB

.data Size: - Virtual size: 637KB

.vmp0 Size: - Virtual size: 1.9MB

.vmp1 Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: - Virtual size: 3.0MB

.rdata
Size: - Virtual size: 447KB

.data
Size: - Virtual size: 637KB

.vmp0
Size: - Virtual size: 1.9MB

.vmp1
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 24KB - Virtual size: 23KB