94277195023b5e310f7498e111bf0cd66cfb3359c3cd37fae5fe2755b7ffd6ad

Sharing

Copy URL

Twitter E-mail

General

Target

94277195023b5e310f7498e111bf0cd66cfb3359c3cd37fae5fe2755b7ffd6ad
Size

1.7MB
MD5

ff046c6b9b3b832ec349bee652071987
SHA1

228e778bf20d0fb42d0ff877279e665f3ef0917f
SHA256

94277195023b5e310f7498e111bf0cd66cfb3359c3cd37fae5fe2755b7ffd6ad
SHA512

1d9cf5d60616302124c61c6036133df61b3530ee22e724d7b2deeea4a0303aa743e93cc44584447d89fbc0051906f64ba7ed64c2e275c9819c453f3f32180be4
SSDEEP

24576:DVLzilsxXo2PC/AFhJF+2oEhG4gxqlLWL0OWnGs5SqkveKO0kStHDAmIjBhuW5lz:x7xXtC/AFhJF+2oE3qeVPSXIdhPz

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94277195023b5e310f7498e111bf0cd66cfb3359c3cd37fae5fe2755b7ffd6ad

Files

94277195023b5e310f7498e111bf0cd66cfb3359c3cd37fae5fe2755b7ffd6ad
.dll windows x86

4879f554db926d1fbbea436a3150f9ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrAryToUnicode
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaStrAryToAnsi
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
__vbaCopyBytes
ord550
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord660
__vbaBoolErrVar
__vbaLsetFixstr
__vbaStrDate
ord661
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
EVENT_SINK2_Release
__vbaForEachCollObj
__vbaVarPow
ord593
__vbaExitProc
ord594
__vbaCyAdd
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
__vbaStrFixstr
ord520
__vbaFPFix
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord631
ord709
__vbaErase
__vbaNextEachCollObj
__vbaVarZero
__vbaVarCmpGt
ord632
ord525
__vbaChkstk
__vbaCyVar
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaCyI2
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaCyI4
__vbaDateR8
__vbaObjVar
__vbaI2I4
ord561
DllFunctionCall
__vbaVarOr
__vbaCySub
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaUI1Cy
__vbaCyUI1
__vbaR8Cy
__vbaRedim
__vbaStrR8
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaStrUI1
__vbaUI1I4
ord710
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaPrintFile
ord712
__vbaStrToUnicode
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord714
ord608
ord716
__vbaFPException
ord717
__vbaInStrVar
__vbaUbound
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
ord535
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
ord648
ord570
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord571
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaFpCy
__vbaInStrB
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
ord614
__vbaVarMod
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaFpI4
ord616
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaUI1Str
ord540
__vbaCastObj
ord618
__vbaAryCopy
__vbaStrMove
__vbaForEachVar
__vbaI4Cy
ord541
__vbaR8IntI4
__vbaStrVarCopy
ord619
ord650
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
ord548
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

kernel32

GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

מ[t@��>}a��1� ��fa��<��"�{��{��re�,�� }��>��f m.��f-(�6%B��g�`��d��Z�܍��E�n��#c��k'�c�?�rcB~`R�0��`��|��^ ��z3̧F[��Z@kb�).TU#o�m��Z�y��1�K<u�So�|[Mr�x��g�,�J\?� eWC�@��M[z��Aj^,��2#�u��=�<ٱ��_Y��j� ��ޗb��t��;�W)��L%#�\2�E%Q�ءJv��$�}��{�J�E�#`�T��\4��~�SIU��f(��Y-�Ƨ� ��q٥zx��s~��4K��xS;�Xp�<[�XB�h�t��� $i��R�2׃��m3�^��;y��M2��Q��R߽��] �� r��r�)�H��D��"��c��P+Ul�O7��8��g�s�6��Ƕ��HM��^�q��_��>HfLQ��O�x�\�6�ٻ��՝��6U �$^�sΖ�o?r�ӯ޾�`чY`�l��2ے��[��r��lk;�1A� ��Iw?2��x��p�/�o�tۖ�e��t� ��s�*h�]�;ҾDt��8;�20�6%��E��M�P�[<�STX��'*$U�JOHُ�gM��l ��%��L��й.�ᘾ�4lw��H�x)l{�;�ཨ�Շ��%�K[A��\��7�%(�Yp!�(7�t~jB��HcS�a)G��yR~ۛ��O��6CTx�L�%}�}�}��mx��:z��mu��Ζ�w�]�t�N��*��k[<S�G�E�� m�f{g�P�|l�.�_Xߓ�GW��,�Jh��s��M�p�B_4��D��BŎV��X�E!��n+S��yt/X��tW͹"��!�� W:� +��vAq��I�J��6��,h�i�4|��#��~<@�6� �A+Ф��:Y.��@�T� %G6�ǥ/t��w � ��2�MZ]VdC��E�RXDʇ�{)xէ�mW��d&��\�ۗ�k��a��|;�u��!L!�\�c`c��.��#�p� � ΐ#A�,&�fBƀ��8|�| ʌ��Q�� "w�(V-��Q;��P��Zt1� ĺU��͌�K�-" �}&}��h� �n�Z��s�W�N�$?B��S//��q,�D�ti2j+��K2ң��-�g�~g�fb�JU֐��CL�0��v�-a8��Q>C��.�{�_Bmk��?ɰ�K��Q�fE��?�2�X��L#�F��2�~{j��g&n(gBX��ACv�j*H��˳�N=a��0��YdE�yo5:1�^�P�e�{��\��lV��i��Q��9\�wpM��v,�Ƙ=��`�x�\��)�aU��d��^=Տ ��=%(�ހ��[��>��9r�M}dѳw�= �}��7�,��m��Y@-I�ೆ��q�܋d�YJ�� :��E��q��zZ�ci��U �!�m=�Is��i�@v�*��_Szo�>�샾U]WR�n/��j#�D�ws�k,Yc��Z�e�o�ī.��@�^K�_�Re��t�`� ��h<RgP~s��͸��r��q ��d,�ς�I��V��$��2��}}̻쮥��H�g;2�PA��Z�$�2LW��>L��=l��,��4��eq3�η��>2��-��y�fM�%��k/u�%�-��3l��v��6S��RP�FF+��?��&,~pݪc�؝Z�6|7Ԗ��X}nu��l�6��V�*9�q��:8o�y��б�j,�&#1FwFf3��r�:Ɯ�&Q�O��/ڴ��Xz�4!1O f��9��3wj_E�p�XѾk��|��W�ŝ��Ooy5,��E�< Ƴ��F��e��FpН!�V�,��s��1>� �M��$��P<�$B:�'��Un:�q!D�[)ν�5�"��ž��i�y�H"��~9��޼�o�$dn��ѭ"�R�� }f�4��ظ#�TB��Y��%]y��՘%�g�Z3��I�f�b�lL�0� �٘^�б�R��߱��%�;p�uY0N��z��m�� 0�fÔ�1��/h�j��$0OGg�)V0��=�>�C��}�/,�X;a��o��{�h��?kݞ�!�$R@X��[��I�E��C�؊0��Ze�*B��R�:h�p��7`�9=�B\D[��/��\�F�uBY��*X'�8� Hs�TSˀ��kH�rH�j4?S=��AO��;V�Ku�#-��ڑ��<��;|@r��V\T��8+(�%�-��)��2��[�̎�T'��у�H��XRs}iǖ.|,��<n#瞵��?ʐHY��o��_|��:� ��P��ڼ��W�d��*ñ�K�9qf/{w��,$��l0m��ګK �{��5��G��l�AF;��b�2P��{��Kb)��cg;�J*B�=`$��9��EO &�]?X�z�=mc��ì��GrOI��OH=3��P��J9��r,=R�>��W��"��v��ֳ��逶��2P`a�7��o�n�#[�"%��=�Fxw�B�P��/��wԼ�,�4)t�j� ��H��v�p��~$��L��V֥s�q�:��%t�q��ܚ�=(��g~oz ]�ʕ�� b�y�6$ΒՎT�6S��}��Ә�Y�g�̆�I5��m]/%�bv�M�*VA�~�z>�9��^6'ZsK2TK�x��:��9�x�|n�<7��WU6@��öIL@��X�x��KMDݗ�lMkz�<��~��%��f�I��#�Dfbzd�ׁk�w��uo�iQ�r�NQl[= !�i��U��Zk�/�ȵ-�

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4879f554db926d1fbbea436a3150f9ae

Headers

File Characteristics

Imports

msvbvm60

kernel32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 15KB

.vmp0 Size: 156KB - Virtual size: 154KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 48KB - Virtual size: 44KB

.reloc Size: 128KB - Virtual size: 125KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 15KB

.vmp0
Size: 156KB - Virtual size: 154KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 48KB - Virtual size: 44KB

.reloc
Size: 128KB - Virtual size: 125KB

.rsrc
Size: 4KB - Virtual size: 1KB