b2e3af277067f732a278ef78d8206ab07ab8394e493fbd8ebf31b2cfb3c4cb19

Sharing

Copy URL Twitter E-mail

General

Target

b2e3af277067f732a278ef78d8206ab07ab8394e493fbd8ebf31b2cfb3c4cb19
Size

2.4MB
MD5

3eb5230c444000a2c80221bda8874736
SHA1

84e16091289cdfd1551cb0b0a05a59b055d738c7
SHA256

b2e3af277067f732a278ef78d8206ab07ab8394e493fbd8ebf31b2cfb3c4cb19
SHA512

661998b85298e2f2d644dd10f5b15e1b4f7cc53953840080b7b875d24ea016eb86986933b7590f0aea693d833987cdb91460e4ecde383325286cfa7fd958c1a0
SSDEEP

49152:WxlMnzuLy+9FKrDnnY/xts8/DbBacID4aiitfI38g/YjVMV:WxyKLy+3KrCF/Dt0KiF

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2e3af277067f732a278ef78d8206ab07ab8394e493fbd8ebf31b2cfb3c4cb19

Files

b2e3af277067f732a278ef78d8206ab07ab8394e493fbd8ebf31b2cfb3c4cb19
.exe windows x86

c228941f6bf3d71858cc15b0947b4c18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiOutPrepareHeader

ws2_32

closesocket

kernel32

GetVersionExA
GetVersion
WritePrivateProfileStringA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetCapture

gdi32

GetClipBox

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

DragQueryFileA

ole32

CLSIDFromString

oleaut32

LoadTypeLi

comctl32

ImageList_DragLeave

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1011KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c228941f6bf3d71858cc15b0947b4c18

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Sections

.text Size: - Virtual size: 740KB

.rdata Size: - Virtual size: 1.7MB

.data Size: - Virtual size: 298KB

.vmp0 Size: - Virtual size: 1011KB

.vmp1 Size: 2.4MB - Virtual size: 2.4MB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: - Virtual size: 740KB

.rdata
Size: - Virtual size: 1.7MB

.data
Size: - Virtual size: 298KB

.vmp0
Size: - Virtual size: 1011KB

.vmp1
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 8KB - Virtual size: 4KB