eb76d9eca800fbfc7db45afbec4c11741886d62f6023f94306a26651788077b2

Sharing

Copy URL Twitter E-mail

General

Target

eb76d9eca800fbfc7db45afbec4c11741886d62f6023f94306a26651788077b2
Size

310KB
MD5

40cbdb86e9b2ec516b7e55f88d8c96c8
SHA1

520e894ce7d66d5d4090a314a86558af9c43b2a5
SHA256

eb76d9eca800fbfc7db45afbec4c11741886d62f6023f94306a26651788077b2
SHA512

4da00a056cf5ba977114bba5deeb4ab5adf92cb26a067335bac391a88f3d12879224780a18d2448e588e0aebfdada5cd690d1e4e12b3164e60b0895ab642533c
SSDEEP

6144:1ruQK03szQ9WaHl6hz1UzXEf9TxsV+byDEv9WIrH9dZA7lapyd1xMlgN98B:1rn7OPE6hBOXyg+KElWIrnsaCxML

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

eb76d9eca800fbfc7db45afbec4c11741886d62f6023f94306a26651788077b2
.exe windows x86

633258bf95e6b82e6a8453c30d4c9ec7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
MapViewOfFile
GetModuleHandleA
GetProcAddress
CreateRemoteThread
QueueUserAPC
ResumeThread
CreateWaitableTimerA
SetWaitableTimer
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
RtlMoveMemory
GetModuleFileNameA
GetTickCount
GetPrivateProfileStringA
DeleteFileA
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
WaitForSingleObject
GetStartupInfoA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
CreateProcessA
LocalSize
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
OpenEventA
GetCurrentProcessId
OpenProcess
CloseHandle
GetVersionExA
GetCurrentProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MsgWaitForMultipleObjects
IsWindowVisible
FindWindowExA
IsWindow
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA
SetWindowPos
IsIconic
OpenIcon
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
TranslateMessage
GetClassInfoExA
CreateWindowExA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
OpenProcessToken

ws2_32

connect
htons
recv
closesocket
WSACleanup
socket
send
inet_addr
WSAStartup

msvcrt

_stricmp
calloc
__CxxFrameHandler
strncmp
free
memmove
malloc
modf
strchr
strrchr
_ftol
atoi
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z

Sections

.text
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

633258bf95e6b82e6a8453c30d4c9ec7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

msvcrt

Sections

.text Size: - Virtual size: 59KB

.rdata Size: - Virtual size: 5KB

.data Size: - Virtual size: 75KB

.vmp0 Size: - Virtual size: 242KB

.vmp1 Size: 288KB - Virtual size: 288KB

.rsrc Size: 20KB - Virtual size: 20KB

.text
Size: - Virtual size: 59KB

.rdata
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 75KB

.vmp0
Size: - Virtual size: 242KB

.vmp1
Size: 288KB - Virtual size: 288KB

.rsrc
Size: 20KB - Virtual size: 20KB