eda215c6cdd25e64b4b562338cbf557902be553f83e5ee1bbbe7dbd787cc4746

Sharing

Copy URL Twitter E-mail

General

Target

eda215c6cdd25e64b4b562338cbf557902be553f83e5ee1bbbe7dbd787cc4746
Size

256KB
MD5

5a17a50d1fa38bfef2651c292b8db456
SHA1

ef47532363fdad1e46056ff8992cfe5c7a4c253b
SHA256

eda215c6cdd25e64b4b562338cbf557902be553f83e5ee1bbbe7dbd787cc4746
SHA512

b82fe738ec16c0dd99145514d011cdff7ae6ed456a18d551ba3ca43c733e68ae2051d2c77ce2799ee108bf14f577d5124d92e8976ce31af70011325655c0e9b8
SSDEEP

6144:JNWzTXeHi6HM84zEtfwEwM0bgyCCZc27w:JAzTuHt4zc+ne

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

eda215c6cdd25e64b4b562338cbf557902be553f83e5ee1bbbe7dbd787cc4746
.exe windows x86

15e0cf6a3f823cd17021bf038ed0145c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
lstrlenW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
lstrlenA
lstrcmpiA
SetUnhandledExceptionFilter
IsDBCSLeadByte
SetLastError
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
WritePrivateProfileStringA
DeleteFileA
SystemTimeToFileTime
GetLocalTime
GetTempPathA
GetTickCount
GetPrivateProfileIntA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
LockResource
WriteFile
GetNativeSystemInfo
VirtualQuery
GetSystemDirectoryW
TerminateProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
LoadLibraryW
FreeLibrary
CreateDirectoryW
CreateFileW
GetCurrentProcessId
FlushFileBuffers
Sleep
CreateProcessW
GetCurrentThreadId
GetModuleFileNameA
CreateFileA
GetLastError
ReadFile
CloseHandle
GetCurrentProcess
FlushInstructionCache
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
RaiseException
LoadLibraryA
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
HeapCreate
GetProcAddress
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetSystemInfo
GetModuleHandleW
VirtualProtect
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MapWindowPoints
GetClientRect
GetMonitorInfoA
MonitorFromWindow
GetWindowRect
GetWindow
SetWindowTextA
EndDialog
SetWindowPos
GetSystemMetrics
DialogBoxParamA
GetActiveWindow
DefWindowProcA
GetWindowLongA
SendMessageA
LoadImageA
GetDlgItem
DestroyWindow
CharNextA
UnregisterClassA
SetWindowLongA
GetParent

advapi32

RegCreateKeyA
RegOpenKeyA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

gdiplus

GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipAlloc
GdipFree

iphlpapi

GetAdaptersInfo

ws2_32

sendto
WSAStartup
socket
htons
connect
select
WSAGetLastError
send
WSACleanup
closesocket
recv

Exports

Exports

0H��N�Ǹb��~"Dte2��kH-��b�`m�+yX��-�J�a�8��Vsj-�&�% �g��a��A ̀I�6S'�A��{!�XB��?+��Ar��X��R�ז�B��8M7.�b�~�T�ߠ�b��G^�E-Ց��NU��%%��T#��&�9��[��\��)�d�r{��KE��@�4?�a�`,'��ϲ�A�3� ��%��5)rm�[�o��V[�G�uW��j��\��],�`Y<B8X�b�@t-�]lq�!,j�8j(ʋ�� E�Z*��3��A�<��i�m;�V�׊��q��a��ElF95}z�kA4�m˾j5ճ�f�| ��?U��/Kr�rd�[�񈠢��gw��D�z��.Z��O�r�TAb{ujC��?l��8�앲,X0r�/��O�;�֍P�'?|m[>��ߓ7�W��EJ�U��S� � ��"IL~g��Z,��@�l�o�S!F�7�I��$��̻��d�0�HT��N[��,m��h��j-�>��t�@��$�GS�̆�_?�LH�s�{W 3 ,��Ej��H��y�Z�Dq�6UX^a=<��.�^4!9k�,��Nf��%��tQ��T��}�4O��A�b9%&q��ݱwîpd[� _B��-�pt��6�ܜ��}f��X�0�ȍyF $�:cl��T��O+��)��v��Wle>v>ksC�U��LGX#qn��]^��=��߄ZW��M�ئ.m�Âvçd0��r��F* ��ށ��V�Z��B��{|��r'��80No 7߼��F�h�b+�-��I]l�o0`�ݳ��0] ##�-9sˆ�;dk�y+��y�qF�c��s�2�eKtM�X��t�=�UA�i1��]�M5�<�0Ȕ�7�]QL��z��i[;��9�rQPEٔ�C�=��3�+0�\H5Ua�AS��O ��zI��etg�7Yl$�5��>��ߔkk�(8x��Z͞��΀��[��VuO�]?3͎-�_t8ꎘ+7ۤ��m�]��l�m ��u#��&��-��T�� x��Gk��!ے��<N��Ё�� H��kk*��w[F�ƃ'�^Q��%qR�{N�k��'c��lX�a��h;��'�V� s7b�@��`G��ҕ<-��H�#�"�s�O�'��q�x-#F5C��D� J��1�;�2/`��U�|��m��=��v.��Z�0M�� lW��>��k��(�:7��5��8��z,n��l}k�le��Hh�yM:c�VS�ȧ�l�,/GL��d�ӸK.�ѴL(gM�� W��U��Y��G�΢��,�Q�3��w:��:N��uP�«�[��@��Ƥ�� \祌�A�.L1A��Ҏ��G]� +�rtp��_��P+��()۩�$70�1�!h@g�H��x(#W:w�U�p�B�0�I��G �4��{Z�'�4� t��SN�9��)Q91�Np�}��O��$`־VHv�5�!�V�PO�ޯ"�i��7�+.H�+i�r�;�kcTT �Di`��q4:3�ќ�h�@#I�a��zMv|Ed�@-0��P+��U��`i��rm%��U��}�`Fz��ⳅO�}�r��p�گ�fSzI�A@2�ر/P��.�06C ��ט��T�# �{I�$��o�A��~��j�%H�If#�^��?x�Ï��M�tH��Nw��\�Q�?֙�y����O��US��u��gn��q�s��R�U� !��n�A��ܨ�e��\C��v �p��;�>��ͣ��H�3{}aX��8�5�g8<a�6�&��M�]%E��L(��'l��#��'��a�T��峖̂*TZ��0Ү�Y:R#M�e��Xs��!��P�an�^u;��ݏ��N�e]'!Ɋ�y��&��XH�R�D1�G�ebMi�tF�� I�dK��+A!��4� %��<�B��(�@�E\��/�A/O��ǌje �%x��#H�V��!��¢}fկ�D�3Y�z�F��ql/z0��Uׁ�+R3��8�ƨ��Ʀ&�v��!��VG7��J��QM��t_�J�N�fʲ�Q��X"�t5�4��WyZEz-��!�2��?�/��[0��;�WK�A��Xꠀ��1;��K��Sж8l�k��1��˦aB�t�z�\�X)�!��w��ئ�� K|,72ds/Yvt76ܹr�͊/��ݮ�� `&[��jQ9��k�-��ּ�jոͻ�B��L��]��f�/)� �g��$HkKS'˱��q�w�ai��p��&l��j��L��d��8�C�wK�D��_#^ܠY��wJV��G�6ձ��Y�km0��LW��eI(��'1S��zA�`��t+F$8ةl:�>y.$�QڇA&��"��e��'�u��;�|[1��~��s��+Pۙ��ZF��@0L!N-;3b`��X��3��0��+�Sy��Ux�[�w��͡��jv��Col]8:��RAp�BF�:C�B�?)��Nb,�K�M2�Lt��ѓbn�j��+I��t&�ݒ��!?k��}��p6S�`��.\�lB�I^�hz��>HLҫc��5�l6�!I�y�r�֯6�O�n �}=\� ��eS-G�U0wk��k��[�`lyj�E��S�8ֿX��Yt��Z-Wn�/ua�x"�J�X��L��`�ݹ��=�ҵ��i�rW(�O'�u��,VI|;?�@s��ƷJ�6ܼ��4p��uDvkw�U5��e��8/��NA��a`�`��yu

Sections

.text
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15e0cf6a3f823cd17021bf038ed0145c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 85KB

.rdata Size: - Virtual size: 18KB

.data Size: - Virtual size: 13KB

.vmp0 Size: - Virtual size: 12KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 165KB - Virtual size: 164KB

.reloc Size: 512B - Virtual size: 328B

.rsrc Size: 98KB - Virtual size: 116KB

.text
Size: - Virtual size: 85KB

.rdata
Size: - Virtual size: 18KB

.data
Size: - Virtual size: 13KB

.vmp0
Size: - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 165KB - Virtual size: 164KB

.reloc
Size: 512B - Virtual size: 328B

.rsrc
Size: 98KB - Virtual size: 116KB