95f176d5d0bd4016d6408cb022a278d1685d76bc4a1210fa44ffe8224efd3f60

Sharing

Copy URL

Twitter E-mail

General

Target

95f176d5d0bd4016d6408cb022a278d1685d76bc4a1210fa44ffe8224efd3f60
Size

916KB
MD5

8be97b2b7057f8313f9adb9d0f6e00a6
SHA1

c7c4445fbf120500d845399a7365bb626f130510
SHA256

95f176d5d0bd4016d6408cb022a278d1685d76bc4a1210fa44ffe8224efd3f60
SHA512

6cc71c6c5b620115b85a0fd7427b0f559b10f718f833df18ba8805291f8506583aa189208892db9ad73a5bcafe90f85c340f87caaa496b74447fe7afcf20b761
SSDEEP

24576:AZ94cFvZrrt+DOiypfpB8Dr1s0O3hgYmZyMMRJcFyNG:AZ94cFvZMD8ppBUCZ3h9brrFNG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

95f176d5d0bd4016d6408cb022a278d1685d76bc4a1210fa44ffe8224efd3f60
.dll windows x86

3c3cdeb73b20ab1e89bac25537b47b9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileExA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

m2server.exe

SetHookPlayObjectFilterStartOperateMessage

ntdll

RtlInitializeCriticalSection

ws2_32

WSAGetLastError

wldap32

ord60

crypt32

CertCloseStore

advapi32

CryptEncrypt
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

Exports

Exports

Init
UnInit

Sections

.text
Size: - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 913KB - Virtual size: 913KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c3cdeb73b20ab1e89bac25537b47b9c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

m2server.exe

ntdll

ws2_32

wldap32

crypt32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 378KB

.rdata Size: - Virtual size: 61KB

.data Size: - Virtual size: 15KB

.vmp0 Size: - Virtual size: 687KB

.vmp1 Size: 913KB - Virtual size: 913KB

.reloc Size: 512B - Virtual size: 312B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 378KB

.rdata
Size: - Virtual size: 61KB

.data
Size: - Virtual size: 15KB

.vmp0
Size: - Virtual size: 687KB

.vmp1
Size: 913KB - Virtual size: 913KB

.reloc
Size: 512B - Virtual size: 312B

.rsrc
Size: 1KB - Virtual size: 1KB