3bb11950f083efa07bddee85ba4f0c4eeb39fc252e8ca45db061674f88926a3e

Sharing

Copy URL

Twitter E-mail

General

Target

3bb11950f083efa07bddee85ba4f0c4eeb39fc252e8ca45db061674f88926a3e
Size

136KB
MD5

72f65746ff420ce1d46cbd63a487dcf3
SHA1

eb9d95dd341d3d743ee1678b7ecd84634f4957c9
SHA256

3bb11950f083efa07bddee85ba4f0c4eeb39fc252e8ca45db061674f88926a3e
SHA512

e7139365c70eb9f0cffb0aeb54a89119815a34ea01a417452fd1ae90fa10342217e6b5e2afb9686b019741b676ba2465ec1ea184cc3019c2e50d9cd18bac8055
SSDEEP

3072:ZqdqvBTdqnSoUKcJYaeJUl7qy5h0Zj2tieX:qqtdqxtXJoH0jcX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

3bb11950f083efa07bddee85ba4f0c4eeb39fc252e8ca45db061674f88926a3e
.exe windows x86

311422399b98072b7a93062a247f74d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA

xmldll

?FinishTask@CXMLDLL@@QAEHH@Z

mfc42

ord3136

msvcrt

_controlfp

kernel32

OpenFile
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

keybd_event
MessageBoxA

gdi32

ExtTextOutA

comdlg32

GetOpenFileNameA

netapi32

Netbios

advapi32

GetUserNameA

Sections

.text
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_BSS
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

311422399b98072b7a93062a247f74d7

Headers

File Characteristics

Imports

version

xmldll

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

netapi32

advapi32

Sections

.text Size: - Virtual size: 83KB

.rdata Size: - Virtual size: 7KB

.data Size: - Virtual size: 27KB

_BSS Size: - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 3KB

.vmp0 Size: - Virtual size: 45KB

.vmp1 Size: 124KB - Virtual size: 120KB

.reloc Size: 4KB - Virtual size: 152B

.text
Size: - Virtual size: 83KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 27KB

_BSS
Size: - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 3KB

.vmp0
Size: - Virtual size: 45KB

.vmp1
Size: 124KB - Virtual size: 120KB

.reloc
Size: 4KB - Virtual size: 152B