b9f19608e8fe6f0aaf49e6b9666ddc5d7feb5a0f6ca95bbfc5b4a08ecc7432cc

Sharing

Copy URL Twitter E-mail

General

Target

b9f19608e8fe6f0aaf49e6b9666ddc5d7feb5a0f6ca95bbfc5b4a08ecc7432cc
Size

5.7MB
MD5

429cf19c102ef022e7e5f58695cb5b52
SHA1

7b903a7c45fd0388968b8abb125c111acb45fcec
SHA256

b9f19608e8fe6f0aaf49e6b9666ddc5d7feb5a0f6ca95bbfc5b4a08ecc7432cc
SHA512

9b5d166b3c17b1ebcfa6f7fa0f4a1685aecd3216ea192b442e389b59da11f1e97fecc18b9056e2b0370c5f95f17bf81a4a3b3bd518eb8580d762e9b6c6f3cf01
SSDEEP

98304:oAZHdMYHpp78Fy5OSh8MT8ewKxzVORdgFyoaa8+QtJ0/9KMxYt49TxmP5KxEXnsl:DxJ78NScewKZVOnQQftJ4K6FxNOCaaau

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

b9f19608e8fe6f0aaf49e6b9666ddc5d7feb5a0f6ca95bbfc5b4a08ecc7432cc
.exe windows x86

9eea54075b76a4ccaec7979ebd1405b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA

winmm

midiStreamProperty

ws2_32

ioctlsocket

kernel32

GetVersionExA
GetVersion
InterlockedExchange
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SendMessageA

gdi32

SaveDC

winspool.drv

ClosePrinter

comdlg32

GetSaveFileNameA

advapi32

RegOpenKeyExA

shell32

DragQueryFileA

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ord17

Sections

.text
Size: - Virtual size: 889KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9eea54075b76a4ccaec7979ebd1405b7

Headers

File Characteristics

Imports

msvfw32

avifil32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: - Virtual size: 889KB

.rdata Size: - Virtual size: 1.6MB

.data Size: - Virtual size: 400KB

.vmp0 Size: - Virtual size: 4.1MB

.vmp1 Size: 5.6MB - Virtual size: 5.6MB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: - Virtual size: 889KB

.rdata
Size: - Virtual size: 1.6MB

.data
Size: - Virtual size: 400KB

.vmp0
Size: - Virtual size: 4.1MB

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

.rsrc
Size: 48KB - Virtual size: 47KB