5d72987321122f9e559b961a12810ec5159c8d262dd954c3ea5dfc049ded5f73

Sharing

Copy URL Twitter E-mail

General

Target

5d72987321122f9e559b961a12810ec5159c8d262dd954c3ea5dfc049ded5f73
Size

744KB
MD5

046467efcd934efb133c8ce65096fe1f
SHA1

c4978d26c8e110623ae44ff4d936da7d59b97405
SHA256

5d72987321122f9e559b961a12810ec5159c8d262dd954c3ea5dfc049ded5f73
SHA512

a9b0ca92e4cfbaf2d9001dc61272783522cb91969f10b7f472082d4596ecc2cee9841937d80c6531b0fae1744b008fdea07399393803172029d0bca4e975e119
SSDEEP

12288:+kEJnU6f8yFHL43/uFDMWT0EyJCVcWsWeGbilXVv/2tiUt8O6qj7drUkEJnU6f8v:2nU6f8yFHL43/uFDMBEWCOWlilln2cJK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

5d72987321122f9e559b961a12810ec5159c8d262dd954c3ea5dfc049ded5f73
.exe windows x86

5afadbf28d2b0e15fae957935ca7f625

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

��CC��>>��>>��נ��٣��GG��>>��>>��qq��ڥ��ڦ��٤��٥��۩��ۧ��ڦ��ڦ��>>��>>��>>��>>��߲��ޱ��۩��מ��p��n��я��ʀ��p��Ή��t��n��n��n��n��߳��n��
__vbaStrI4
��t��n��n��n��n��߳��n��
__vbaStrVarMove
�>>��۫��ڥ��ޯ��@@��>>��UU��٤��ڦ��>>��>>��>>��ڧ��۩��ݭ��۩��>>��>>��>>��>>��>>��Ў��Ғ��{��ݭ��Ӕ��Ѝ��˂��n��n��n��n��߳��n��
__vbaFreeObjList
ord516
��Ѝ��Ѝ��ё��۪��Ў��ѐ��ڧ��я��ѐ��ܫ��՚��ђ��ۧ��Ԗ��ґ��ܫ��ء��ғ��٥��Ԙ��Ӕ��ۧ��ݮ��PP��>>��>>��>>��zz��ԗ��ڦ��ޯ��՚��٤��ڥ��ՙ��٥��aa��>>��>>��CC��>>��>>��נ��٣��GG��>>��>>��qq��ڥ��ڦ��٤��٥��۩��ۧ��ڦ��ڦ��>>��>>��>>��>>��߲��ޱ��۩��מ��p��n��я��ʀ��p��Ή��t��n��n��n��n��߳��n��
__vbaStrCat
��Ў��Ў��Ў��Ў��я��ѐ��ѐ��ѐ��ѐ��ё��ґ��ґ��Ғ��Ғ��Ғ��Ғ��ғ��Ӕ��Ӕ��Ӕ��Ӕ��ӕ��ڦ��dd��>>��>>��bb��Ԙ��ՙ��ՙ��ՙ��ՙ��ՙ��՚��՚��֛��ܪ��PP��>>��>>��>>��>>��>>��>>��>>��ן��נ��ڧ��>>��>>��>>��٤��٣��٣��٣��٤��٤��ڥ��ڥ��ڥ��ڦ��ڦ��ڦ��ڦ��>>��>>��>>��>>��ܭ��۩��۩��ܪ��٣��t��n��n��n��n��n��n��n��n��n��n��߳��n��
__vbaHresultCheckObj
_adj_fdiv_m32
�CC��>>��>>��>>��۫��ڥ��ޯ��@@��>>��UU��٤��ڦ��>>��>>��>>��ڧ��۩��ݭ��۩��>>��>>��>>��>>��>>��Ў��Ғ��{��ݭ��Ӕ��Ѝ��˂��n��n��n��n��߳��n��
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
n��n��߳��n��
_CIsin
ord632
__vbaChkstk
ord526
EVENT_SINK_AddRef
DllFunctionCall
ord670
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
��Ӗ��Ӗ��Ԗ��Ԗ��>>��>>��bb��ՙ��ՙ��՚��՚��՚��֛��֛��֛��֛��֜��֜��֝��ם��٢��>>��>>��>>��>>��ؠ��ء��ء��ء��ء��آ��آ��٢��٣��CC��@@��__��>>��>>��GG��x��n��n��n��n��n��n��n��n��n��n��n��n��n��n��n��߳��n��
ord713
ӕ��՜��Ӗ��֜��ڥ��מ��ԗ��>>��>>��nn��՚��՛��ܫ��ڦ��֛��ء��ڦ��֝��֝��ء��מ��מ��>>��>>��>>��GG��ء��ޯ��ݭ��أ��ڧ��آ��٢��ް��ޮ��>>��@@��>>��>>��>>��آ��w��n��ʀ��ʀ��t��r��r��n��}��ʀ��t��n��n��n��n��߳��n��
_adj_fdivr_m64
ord607
ord608
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord644
_CIlog
��ڦ��>>��>>��>>��ڧ��۩��ݭ��۩��>>��>>��>>��>>��>>��Ў��Ғ��{��ݭ��Ӕ��Ѝ��˂��n��n��n��n��߳��n��
�Ѝ��Ѝ��Ѝ��Ў��Ў��Ў��я��я��ѐ��՚��GG��>>��>>��>>��>>��Ӕ��Ӕ��ӕ��ӕ��Ӗ��Ӗ��Ԗ��Ԗ��>>��>>��bb��ՙ��ՙ��՚��՚��՚��֛��֛��֛��֛��֜��֜��֝��ם��٢��>>��>>��>>��>>��ؠ��ء��ء��ء��ء��آ��آ��٢��٣��CC��@@��__��>>��>>��GG��x��n��n��n��n��n��n��n��n��n��n��n��n��n��n��n��߳��n��
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
@��߳��n��n��n��n��ό��Ѝ��Ѝ��ё��۪��Ў��ѐ��ڧ��я��ѐ��ܫ��՚��ђ��ۧ��Ԗ��ґ��ܫ��ء��ғ��٥��Ԙ��Ӕ��ۧ��ݮ��PP��>>��>>��>>��zz��ԗ��ڦ��ޯ��՚��٤��ڥ��ՙ��٥��aa��>>��>>��CC��>>��>>��נ��٣��GG��>>��>>��qq��ڥ��ڦ��٤��٥��۩��ۧ��ڦ��ڦ��>>��>>��>>��>>��߲��ޱ��۩��מ��p��n��я��ʀ��p��Ή��t��n��n��n��n��߳��n��
__vbaVarDup
ord616
__vbaFpI4
��x��n��n��n��n��n��n��n��n��n��n��n��n��n��n��n��߳��n��
ord617
_CIatan
__vbaStrMove
ord619
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

VirtualProtect
GetModuleFileNameA
��ޱ��٥��ء��>>��CC��>>��>>��>>��۫��ڥ��ޯ��@@��>>��UU��٤��ڦ��>>��>>��>>��ڧ��۩��ݭ��۩��>>��>>��>>��>>��>>��Ў��Ғ��{��ݭ��Ӕ��Ѝ��˂��n��n��n��n��߳��n��

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 588KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5afadbf28d2b0e15fae957935ca7f625

Headers

File Characteristics

Imports

msvbvm60

user32

Sections

.text Size: - Virtual size: 172KB

.data Size: - Virtual size: 2KB

.rsrc Size: 148KB - Virtual size: 144KB

.vmp0 Size: - Virtual size: 432KB

.vmp1 Size: 588KB - Virtual size: 584KB

.reloc Size: 4KB - Virtual size: 52B

.text
Size: - Virtual size: 172KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 148KB - Virtual size: 144KB

.vmp0
Size: - Virtual size: 432KB

.vmp1
Size: 588KB - Virtual size: 584KB

.reloc
Size: 4KB - Virtual size: 52B