14a9face474f66456c37f4e95dd67dc6a35ab3b15549d9fca4d915fd7b39c765

Sharing

Copy URL

Twitter E-mail

General

Target

14a9face474f66456c37f4e95dd67dc6a35ab3b15549d9fca4d915fd7b39c765
Size

1.8MB
MD5

b4152f43ee6f842cff2302aefe5eabef
SHA1

24f38f6c202e08ffb39e2d6135c2ec6ed78885fe
SHA256

14a9face474f66456c37f4e95dd67dc6a35ab3b15549d9fca4d915fd7b39c765
SHA512

51b801bbab3bc0501ad0aedd30072714701dce19fe0f84331be3ff743221c015995f819c81d7baa31866184bf9b266990d57ec835488937d07876398cd595b72
SSDEEP

49152:jxv9f3RO2Pmm0/d3rCLokmzIi4xx8q0dYTJ:jbBPmmWr5xMYHo

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14a9face474f66456c37f4e95dd67dc6a35ab3b15549d9fca4d915fd7b39c765

Files

14a9face474f66456c37f4e95dd67dc6a35ab3b15549d9fca4d915fd7b39c765
.exe windows x86

9c27d6138d885d34c060608cf5599619

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
SetCurrentDirectoryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ScreenToClient

gdi32

GetStockObject

winmm

midiOutUnprepareHeader

winspool.drv

OpenPrinterA

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

RegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

getpeername

comdlg32

GetOpenFileNameA

Exports

Exports

�kĥ�,�Os��jJ��Z�΅|�n�X��l©��t� 9�N�H��5#C�R��$��ڀ��s�X��y^�J��YfQ�Khs�S� #�\ ��^�nY!��M1��K�Z��>CH�mN<.F񑞁Ho_mҌ�-E�2�Z,�?��t�wJ[��$��o��"�B��l��s��)J��|��m��σ�gK�I��W�~��cs��c�;Q�x��$Fx��y�?ͬ>�q5��S��;�j��4)��D��S��@��ɫ��-��>�M~�#�A#��*5�CA�_��9C�'�>Ub� �9�o��0�)PŲL��I(��@ �� yȆy+]m@��U��Zx�7�ƍm�u&�&�,�Ԅ��ũsYi�!��*�[�?�>�Hp�R)��c:��J>��ݺCM��%��@m��ׄq_z��o�WYDaXA��S2��) `��ZiFe_�E`��/T��!b��o�~!SZ.4�)��9��(��(^󉂋-��J��W �ؙr�cMo̡�f�n܍�1}]�#-��Ngn9tJ�f�]D�q��Bݯ�h��UQSV�_�Ogip�6-�5��+g��Y��x1J'8ɓ�rz�24 �O��^G�jD��X��Lh~�@x�)M��4��:N:��́�4]8�l\ j�Thku��6��z��5� ��Eߤ�gom��Dg�Ki� ��g~� �8�u1q�m�B��<n��J��c3s��%̚�Dz6�;�*�7�p��I��F�c_S��N��[�.�[�G*-<2�\��:5��߰ss��)C�ڒE��-U�s~�AC�P��Ue�S�4m؀��kg)bʄ6Ng?��/�~��B��@��ym��s1�V��Wv��F��|��1��ԙ��/��{�:��B�=� �k��ܟ, ��E��4Ѫx��m��+�H�g�s'�k�i��wao:6h��6�1^s-h��\C�c�]��ڮ��͟T�<��4;�^�a��C��j�l��] +�X�I"ktK��Cͻ��a[Ń>�؛��,��*Ph��FVs�f�$�5U��z�� 0?�P��wXS��e��-�n��1 Ĝ�V\Sl��o#��md%6��Ü��N�:�`�o�mQZ�<k6�MںZ�rj��v��h��ť��׈A��>��x�ȧ�;X��Z��q켇a `�P�ħ��H�x��Tw�|�R�o�o��C��R��b��FZ�%k�~F��@�R�>e��y�/z�AB�zO\e�63�b�f�Qc��XP��$�&-N �0#L��SZp�V��<�QIL��N߀}�e�[�7:4� �.��˓rWU��P��߹~D:��M��}��z9+��X�q��>��-�u?�n�<�f��0��1!o3Q7�!X��-Nz�'b��Pj�b��_�|�%�!M*G@!�Rn2�_�è�3�䘢$V�r%Th�: U5ӥ�V� -�i�ַ�?`vwGY<0��4c��AI��G�"G�� `D�>�pw�T�M��J!h7�K��T��珂a5��r��M��Q��V��W�"��y�\nKS=�� s�Y[?Z��,�>7z�؍��,m�>qڑ� "�K-CS��3 �O��M'�ެg(��:�޸FV�7�i��Ӄ�u"�D|�՟F.��K@Z��A�(�=&^Q��̦��4� �:�h��r��+��|`FAm�Vz&��X�/< �ѹ կ��v��(q��;�%�]֌`��L(��1S�� W,X��X3��OOˬR!л3�� U��oH�|��<X��*��[ɿ��"H7�o��u~��!��\��])� ��;i-�K,�Db:��t��K\��b��!��,��[��̅�� BXčw�1Ɉ��\�]��X"�s�� ?K]X�@*��C�\��d@f�,�_N&��r�V��io��0M�)?�-+i* �G�ɞ�� k�VC�;'�$J�l�C��;�4Ĭ%��*P��0#r-�o�Q��<�V�G\%jsE��(s:W�S��q!��G7i:�<��cn�,��iI��Ug�t��g��p)g��P��&�[��ʥ"�)%��Zx�Y��(*�-t��TѶ��\~D��2��3j�3Ӌ&#��s(>-{]��܋,.�s꾣sI-��/��"�9=�h��MaYQ�x��2��Y�m-�g��@�u-Y�6O^�W��w��R��uu/K�VP��j`5ͺ:�%EmM�W3�/+(1��*�'@MT�ܻ��4 O��Yo�>��8��4��n�%0�Q'��䏊�eC��} ��G��`�.�'��I�-6HB�_ �g�3~�Q�>�}��d|��z�%Y��\)��,�v��c�*��6/L��;��O�S��FKO��~�[~y��X&5O��[��b��p�.��v><>6�0Ï'�>��u�4�z��`3��J��:�w��@t�8��w��)�eŏ�y� VF��Ě��ig�y�>�� U5�lȯ[J�| �iyڂ��x_;1<s�7j��܏�v;�D��2�:��Y �V>F��za��f��f+M��ڀ��dp��ݐ�n$��|��fR��]̅�C��B-�P�KK��Y�96 ��>\��i��E��05��]�a�1ȏ.B�)u�5�5K��d$��Ok"� WҤG"�+��qS�{�]�t� ▟%��Nn��4Γ��G��9�CD+}K!�ZXa��\d�yT��Zƺ��WmrQz�l�� y�\�i��2k��S%��I��ߞ�g59ʧ9��?�=H+��S�8l�%}F�<��e��h��Sw�e�U}��e

Sections

.text
Size: - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 887KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c27d6138d885d34c060608cf5599619

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 579KB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 235KB

.vmp0 Size: - Virtual size: 887KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: - Virtual size: 579KB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 235KB

.vmp0
Size: - Virtual size: 887KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 20KB - Virtual size: 18KB