2dba019f0d2602caf0885fa1ee47483ed06a4cc297b55b15e4ce1ea949ed93fa

Sharing

Copy URL

Twitter E-mail

General

Target

2dba019f0d2602caf0885fa1ee47483ed06a4cc297b55b15e4ce1ea949ed93fa
Size

5.6MB
MD5

2b9eca113033abf002044e4796473fe5
SHA1

0ee80892b0a123e950576616ceb7cdf0c013407c
SHA256

2dba019f0d2602caf0885fa1ee47483ed06a4cc297b55b15e4ce1ea949ed93fa
SHA512

918b40642ddca269ac5dae84177ca625ad5b498a18c62becbbca77462091c2c81f59b37b46526f9f1a9291afa4b4c319d0038f605fc3c4b6bda5f6323da09fef
SSDEEP

98304:kc0vWo4c8OUiP+h71YLveNXBA7Wni8vwoTMMVThfhmQt+xhM0hlGUsiD:ivW5OU8+J1y7Qvw0MMpFt+xC0WViD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

2dba019f0d2602caf0885fa1ee47483ed06a4cc297b55b15e4ce1ea949ed93fa
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

\��/��҃g�s��j¦�_/�#��ӬwWZ10��G�� }4��B� �4��T��(�җ��y/��o�&NO��/!H��ϧV<tɠ"�ݹ�^@��Z�T�I��7� �;�K��>íruI1q��6�/�L��XROb\�~d�J��`��*�?L�ܩq�W!�!&�� Ʀ��cg��J�A�X�A��g>r��~��ʗK��T�t�`��fI�o�'X/��쌫u��t�M6 S�ͬ��ɲA�L` D��Ԉf�X�FEj�`�?y�H3��&�)��5�f��\m7�_�_&�gq�ӣ�|��,q�e��EW��N]&�:�AI#B�9^�1QLc��yC�Yݹ`�!0� GQ'5H-۞��>dYYd��.�-��35��o�9�;��m�;��s��Oׅ�cفҟ��9-[/�c#��$��.*��\zam��s��:��먺�x�k�e��&6�z7��i�d��x�� 6mVj�gk�ܛ�챃=ZŒ��`�\�t��xĵA3CڮSXs��k_�4�j ׃M&�� 1��`�K�\��>��oXa�k$�e��b�N�[⟛2��P��IA�a⠺�-��jmq oE�ʍ�+��o;�x��LT��܈�� W�y��U�0N� %[�, �J �},�� G:pC>�,r��`�E�!ɣG��)��!��٠4�}�a��j��fP��a-W1㿮��6-aeaP hL�7 �`!p��Ũ�q�ߪ.lk^f�O��J��;��N"0�n�� v$F��x�;&\T� ��J�ބ�h�7 y�_��%��)��=S΋8o�c��i�p-5`�9o�x�I��/e�&� \�t�2��y��))L8P��1�s�>� .8�$�u�� g?�ܜ��"��t�+��V��k��m��G�o�)�#�yP�Kտ��(�S�V0Ѐ�tr�k��:N�# ��Ɣ��o< ��x�i>��4�܂=VP�\bL R��1�{K$�i�V��be��\��ף�N2F��&&�9S��n�4A�6)�7__3��%G ��G�'n 2��y��p ��mß�G>��.R֢&��<Lk��Nqg�ٚ��H� �)"�7h��M$l��z=��'�zBt��W��5Dc��Ų�Sv294p'�£�8ǅ��O�tY/H�P$�j�{4I��"j�q;K �Jy bk��&wz�>di��DCS�O)P��Ѽ��n�ާ`}��>�|H{eJ�P�uK�(��n�>�ic��<�PD��~̇��u�N1��@[?c��fn��VF��I��Sx�H.kO2��l!)�_{T�s��z�P��+� ��F��r!�=w>L�}��a LU��k��Z��C�Ǫ�gAtGS��>��_;��|F!)v�]B��7��A�X]��ѽq�{G9�g�]��K��Y��xKN��T�Jٞ�/��;�C!:N]�KDl��j �(I��C]�KK�]�#��d63��v�!��=YbOU�VF��JI�l䃈Ze��9hz�(~Lm4�.��`��3�� gf+Ń�ɾz��zK#�*�P��l �C)Kκ ?��|�� Z5F�R��[@��,��<�*��ؗ8�Xs��X{��Be��e�A�=6p(t4^O�H��A�d �5�>�`Ƭ5ʹ&wً��bH��o��]��dS$8�f�OM�X��r�:�l".'q�|�t��XP��[�t�$_��&��i�2u��(�L��mx�oH��1�KhR�!FP�{�}��BV$��^)}�&��Q�J�m�U��)�T��l�0@�0\gI��<v��u�6��G�2:��r{|@D�6vg��\��^a�\�*+e��jVl��4�i�� h�OK��qc��^��Y��%�� <d^��W�E��)N��<��EZ2�Y�%�i�,,�?u�]!QA J��'!W<�M�.��b,��Y.9��l%�ı��$n7�p9�^��D� � 0SPRC*g"�F46�G�"/u�;E-��N�:��~�F�9��.m`'� =��_ `X�yE��rk��"+4K�u $��n)�?#e"�w)��y�O%�H7�,��ŌB� 2?A��.��(�� c��`��z��n)�mMaX�Y��4��6�m}�l7��i��Ca�{�� #!6�?a�w�i��Q8��f�_Y�w��.0OT��D��a�� 7w� �Ĕ�r�>nCW�>N�{KQC��gÑ�d��IZp��:�J8��a�9��چ��<T^�%:ϟt2 ��;��E�*>{̄XV楮 |[��K��q��a�:];�L�s��'��hR4#߁��H-��h�۱��]��v��@(�J}y�bpՌx��mE�N�a�a(T�uU'f}k#ɰ�x��2NM:��) )g�S�K�S��h��;��e��%fC4��ou��qQl�)��Q��z��H�EWSW��w�#\�o$��:��'�%�K=�%��w-�D�&4ݐ��) Zi�RM��y�Gi �'8_m��?emKLm��N6m.�,^�Nꕘ0c4��VZӾ5 �@��R��q�5��%i�=D�� `Y~��F'��6��信�;��>��]��CwL��Y��4� �1�*�)��pf��v()��D�ߺ��G�o��:|8F.�,�-�=��4�L��>ﴐ༈M .pF*Qg�fR��6��$��V��7�-aC�K��ܻD�'��T�ҡV��Osy%�"W�e�De�h��pYs��b�w��U^N��s��?V��qr��K��V��ڠ1�5˄�b��[�׏��{ �

Sections

.text
Size: - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 63.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 918KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 611KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 5.1MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.upxupx1
Size: 176KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upxupx2
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: - Virtual size: 9.2MB

.rdata Size: - Virtual size: 1.4MB

.data Size: - Virtual size: 63.2MB

.rsrc Size: 40KB - Virtual size: 45KB

.vmp0 Size: - Virtual size: 918KB

.vmp1 Size: - Virtual size: 611KB

.tls Size: 4KB - Virtual size: 24B

.vmp2 Size: 5.1MB - Virtual size: 5.0MB

.reloc Size: 4KB - Virtual size: 232B

.upxupx1 Size: 176KB - Virtual size: 4KB

.upxupx2 Size: 300KB - Virtual size: 300KB

.text
Size: - Virtual size: 9.2MB

.rdata
Size: - Virtual size: 1.4MB

.data
Size: - Virtual size: 63.2MB

.rsrc
Size: 40KB - Virtual size: 45KB

.vmp0
Size: - Virtual size: 918KB

.vmp1
Size: - Virtual size: 611KB

.tls
Size: 4KB - Virtual size: 24B

.vmp2
Size: 5.1MB - Virtual size: 5.0MB

.reloc
Size: 4KB - Virtual size: 232B

.upxupx1
Size: 176KB - Virtual size: 4KB

.upxupx2
Size: 300KB - Virtual size: 300KB