b9aa981033818136da6cf246295300ad6faf3981ab3f5cfffb0480f5f97aae49

General

Target

b9aa981033818136da6cf246295300ad6faf3981ab3f5cfffb0480f5f97aae49
Size

768KB
MD5

879572faf21f5dedf4d628619029ab7b
SHA1

a66d91bf80cd7c8bb632a3a8d58bff4152f51351
SHA256

b9aa981033818136da6cf246295300ad6faf3981ab3f5cfffb0480f5f97aae49
SHA512

9f5d902e165a35889b23abf2c60accc7ebf21245371a56f307f6e3a1d94daa9124a3569cbd4f7b81b9768998c0663d8c1d9239dbbc462ce6079c8a6ca70f4b78
SSDEEP

12288:t4KAX/GmrFxe1GvXpeD5Y/Kc03W9yyuu0NtkAqOfzGf11L9L/Eg2BcKY3PaiXz:tvCR77fn9FYtxbML9Yg2794z

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9aa981033818136da6cf246295300ad6faf3981ab3f5cfffb0480f5f97aae49

Files

b9aa981033818136da6cf246295300ad6faf3981ab3f5cfffb0480f5f97aae49
.dll windows x86

199539c9c6d62f69be942ec9da55725f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ModifyMenuA

gdi32

SaveDC

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyExA

comctl32

ord17

ws2_32

gethostbyname

Exports

Exports

StartHook

Sections

.text
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 601KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 756KB - Virtual size: 753KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

199539c9c6d62f69be942ec9da55725f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 56KB

.rdata Size: - Virtual size: 14KB

.data Size: - Virtual size: 601KB

.vmp0 Size: - Virtual size: 217KB

.vmp1 Size: 756KB - Virtual size: 753KB

.reloc Size: 4KB - Virtual size: 136B

.rsrc Size: 4KB - Virtual size: 7KB

.text
Size: - Virtual size: 56KB

.rdata
Size: - Virtual size: 14KB

.data
Size: - Virtual size: 601KB

.vmp0
Size: - Virtual size: 217KB

.vmp1
Size: 756KB - Virtual size: 753KB

.reloc
Size: 4KB - Virtual size: 136B

.rsrc
Size: 4KB - Virtual size: 7KB