12ba4e91cf83170dd00173ec20f4a1dba9ba014d3afcb595b9b927a72af3b83b

Sharing

Copy URL Twitter E-mail

General

Target

12ba4e91cf83170dd00173ec20f4a1dba9ba014d3afcb595b9b927a72af3b83b
Size

10.4MB
MD5

a4492a93ebce86974bc2b7771ec7e2d7
SHA1

601deae769d444c9b857b0aa4ce5d5bc8fe437be
SHA256

12ba4e91cf83170dd00173ec20f4a1dba9ba014d3afcb595b9b927a72af3b83b
SHA512

836c8d2e2b17e60e02a7986ac642d99a9855aae2998b2a52369c6bc75af717b9c4888054fd8f9f84cff5d383dc56f39d84710073f851c741d4686b1898c52f5c
SSDEEP

196608:feOXzd8pNKitX4Iktp9vk3qo4K5ISH897cLglXocOc3VsnsiKQV+dkezrTMpxVKT:feOXzdeNJstnmj4AIb7cLglXcc3WsZQs

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12ba4e91cf83170dd00173ec20f4a1dba9ba014d3afcb595b9b927a72af3b83b

Files

12ba4e91cf83170dd00173ec20f4a1dba9ba014d3afcb595b9b927a72af3b83b
.exe windows x86

8bb5bddd85680b95631d4e12295b4ea0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCP
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetCapture

gdi32

SetWindowExtEx

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueExA

shell32

ShellExecuteA

shlwapi

PathFindExtensionA

oleaut32

VariantInit

Exports

Exports

�l{>��P�"��7_��pdi5��)L�t��G�Q��G��rJ$�0ZԶ�� !��H�[��:'��"@!��w��9��J1�h*�)��.7��Xg�Y%�Yh�K.��`��D��w�L�m��&�Z1�c��o!;;R��|)m�'��$�qs0��h�.Cz�T?��M3� @FԴ��Y��W0�Gf��H�a��J�L��k�Ш�:9 �;ѭ��(�v7k��uظ\�h�9�w�� eer�ܻ^�D)@�v��r�/};XLx��{'`$��e�i��/�Zn��Ʊ!�v�k*�ͅ��t]9�9o#ݾ��٠w}�)Z��n9��;��/d�XG��dfJQ]R�2�|��E��B�l�8.�@�Yv��f庌�ξ>�p�[$�?�L��E>��#πPQ��!?�+N�6 f<�C@�I�pTҹ�#h܃�D�q��s ��v��I3d�Se"�7W��I{Z��`� ��pA�ؚ�c�fBSD>�=��v� ��j/�&��]}��QD&�J�E�z�& ��Y��vy3�85jC�d��83W��8�(�:�Is$��P��)�v��D�Ͷ��h��t��2��l1��VD�"wa��f��h��SL�D��Bm3� $��͉�-d�!2�8X�7��ᩐX��y!,�6>��2GS�q6��7�<�77��*��$6@�t��-��٥V�'�7��Wӈ��ܝ�:��P��Uh%8o~��<b��L+~��El*Fr��5��%��x �ϯorQ�G�C�P��2T �R�<ř�F��ZK�!DҎvk%��(\�F��7k��1V3��w� �~��+i�(JZx��e�ޱ��"h��;�GY��ϠYr��S�YZx��l�0��_~�P݂7��u��s�_I�f9)�"��#�O�W��%y��m��#?4��.!��N�|��v�C�*��O'��#��΢��2�(A�O�=JX�g�yd��ę��]� _�qT�ezA� AX'��L�^�u7��vU��+ȕ[9<�#c�G�G��/�j2�k��G>RZ�gѭvMO��_�5��i��*��N`�.o��u��lֵ��D�S��q�볶y�T��v�Uɺ`�`��=Z�T{�\F��Q�%t�:t��MoPc��A�n��|��(�&�˪��#j��W�/�2�MJ�.�1ʰ��Oh�bݽ��`&d��[ʐ>п��;9�$}H��W�H��~g��8�?��W��V�H<?fi|yU��t��QQ��8[�:ڷrb�f�V�Ϲ D͍�o�_��- V��G�5yr=�/�fAТ�F�{��XDOgO)��B��[W��x,Qziz�Lɚ�(�;�{��kO��XJ��bO &�e5��#��Y�=v��S��(t��Q��FS��}�b��e�H9��M�QM�%�J��%�#r�dy��oe�r��Q�H�o /�~NWƮU�z5|0��>�!3'f�")�x��N�[�!N6�A��%�~Mv��k`3 �� >�"Lɴcw1@]�(�u��[jh/�%�+�@��8ނ1�reC��ԗ��c~x?�}B��sThR�1��BP5��J5��$�V�m�f�$��@i��r�lި��H p��uga��A��D)4F#�ofD�*d��E�W+3Qd�7��ާp�g!@_LF]�0��6qc��§�j�K(Jk�5�K��X��w��c� �i.�+��?c {q��쯇BkMY��S�?��a� ��{��2�QY��Uğ ��^p��~��-ۑ��'m��l�O��5ťW7�� D��&�� ý#0V��d�dH��"�p��ơ&SM�H�@vD�.��l��Dc�I�}[�j�R<�XV��SE�i��o��1��{��x&�ͫ��9;�kgEَ��>��q�_��}��C14��)��s�K=�I��)~MZ��B ��K]��t�_��b�V�!cx�Rq��<>U�؁D*��f�&'В��U0X,��ʪ��\��lM�AEa$��竲��`��H��I�R�!e̲~�V�Y�8Q�DFҨso�յw��k��r�� E�BaT��^S�ZV��5Y��S<�wa��'�`b$�z�r�TS�_0�X�;Z��sN�!��I�� H�*�@�d�7��s��݋��]��}+T!��}s�� Sl��>�e��l3z++�V��氍O�V�G��?�Z�6[��$e�9�s� $�j譽��E^p�S��/��I2��RB�5�o��'=��MiÛ-M$�A��9w� Atƙ8�M��gy�&��ef��f6<؉ÎM�Se�j��@�3��F��e��9 ��5,��^Y��Z�g-��F캳��}��YdVd�+7�L��c��,>�j�n�5t��Q��g0��T=j�U�>�u�f�� !A�G��U72�!r<�W�Р:�8L ��~�8i3]ccϲ�ltKxTM�$yK��+�ؕ�� w)��G��`�y�y��\U��L�l�= ��M ��~�Wi��<?�|�=��4��v��Ð�&I��w&]��9s�-�o=ͼ��m�<��7��$��B=<#�z?�Ug��a�Y�8�r� ��I�ӯ{uVn�,��EJY0z�[�5��E��יpQr��?'�1>^.z1��[��k�J-�yPu��s��@�w�Um��94��&$��P��,��N��a� 9%��5&"�Oc�^��*�ce� ��\Ey�f��]�k �X�Uz{3�U��:|E�fʔ��(�;Xo״��?M�L�!�TKt�Z�F�R

Sections

.text
Size: - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bb5bddd85680b95631d4e12295b4ea0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 137KB

.rdata Size: - Virtual size: 39KB

.data Size: - Virtual size: 1.1MB

.vmp0 Size: - Virtual size: 9.9MB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 10.3MB - Virtual size: 10.3MB

.rsrc Size: 57KB - Virtual size: 57KB

.text
Size: - Virtual size: 137KB

.rdata
Size: - Virtual size: 39KB

.data
Size: - Virtual size: 1.1MB

.vmp0
Size: - Virtual size: 9.9MB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 10.3MB - Virtual size: 10.3MB

.rsrc
Size: 57KB - Virtual size: 57KB