edee907244aa65911059ec7fec7a2a728d127606cc1cb527020351c8aec49cfd

Sharing

Copy URL

Twitter E-mail

General

Target

edee907244aa65911059ec7fec7a2a728d127606cc1cb527020351c8aec49cfd
Size

1.7MB
MD5

f16f0c764d4dc6cb953b91b41e683ba0
SHA1

69e9ea1360da8f123fd3547ba55c802b85e0e3e9
SHA256

edee907244aa65911059ec7fec7a2a728d127606cc1cb527020351c8aec49cfd
SHA512

ecdb691b05a0ae03150d8e1434691d24f46f70182471b1b994d16e8701eeea6cdb20c13a5a5c03d60b17a472ad60e64cb4190c42d7ced1e381cf88c01593e74b
SSDEEP

24576:F8RzQlmATN5U76A1M9dZSoTm/eIzKItLeLc+gu2svSoSpBtv94zAELOv+q:CdATk76A1M9dZSoTmhp7l4+5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edee907244aa65911059ec7fec7a2a728d127606cc1cb527020351c8aec49cfd

Files

edee907244aa65911059ec7fec7a2a728d127606cc1cb527020351c8aec49cfd
.dll windows x86

4879f554db926d1fbbea436a3150f9ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrAryToUnicode
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaStrAryToAnsi
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
__vbaCopyBytes
ord550
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord660
__vbaBoolErrVar
__vbaLsetFixstr
__vbaStrDate
ord661
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
EVENT_SINK2_Release
__vbaForEachCollObj
__vbaVarPow
ord593
__vbaExitProc
ord594
__vbaCyAdd
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
__vbaStrFixstr
ord520
__vbaFPFix
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord631
ord709
__vbaErase
__vbaNextEachCollObj
__vbaVarZero
__vbaVarCmpGt
ord632
ord525
__vbaChkstk
__vbaCyVar
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaCyI2
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaCyI4
__vbaDateR8
__vbaObjVar
__vbaI2I4
ord561
DllFunctionCall
__vbaVarOr
__vbaCySub
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaUI1Cy
__vbaCyUI1
__vbaR8Cy
__vbaRedim
__vbaStrR8
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaStrUI1
__vbaUI1I4
ord710
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaPrintFile
ord712
__vbaStrToUnicode
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord714
ord608
ord716
__vbaFPException
ord717
__vbaInStrVar
__vbaUbound
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
ord535
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
ord648
ord570
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord571
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaFpCy
__vbaInStrB
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
ord614
__vbaVarMod
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaFpI4
ord616
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaUI1Str
ord540
__vbaCastObj
ord618
__vbaAryCopy
__vbaStrMove
__vbaForEachVar
__vbaI4Cy
ord541
__vbaR8IntI4
__vbaStrVarCopy
ord619
ord650
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
ord548
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

kernel32

GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

_7�?�Kh��j�1X t[��n��jh��ʚ�W>s�� j��g�`�-E r��s0F��n��H�Kz��4+�yReD"��i� �x4�y��]hh0d H(�U��֔)O��|B �5 L��@��$�l>!��f@�6�0K�ݟ�N��^B{��!��x�3�_Ma|[:��Z~uU�C=ã��qt�ӆ�\B�,9ހ N��3��%�5��]��e�8��v$��Gk�jI��f��iŖ��g�4�.X��~��)�f��8�2sG��.6��>ؔ��?-6��kf�Ի��D��S\7��ul��x��,��M(s'ȴ%��;� ��&�$��fmP��>2�O�,)��=/��]��,QS!��!\@��[��J��BO�ϓ� �]ju�̇3oE'nh��+)T/W9��c�:a*��x�~ޡdނ��+�ʳ�.�-�,ooZyWU @֑�ו��ЙGl �t>#�"5�.�7v2�� &��&�l'�U�pn9U؉{�4kGu�1��9N�x��:�%nh�ɘe��U`�� `z1��m#�'X�_@r�廜��]��e��Vi�ǟ]Й42<U�ZCB2��q��i�3_*1YȢS�A&FR;C�$��j�flzR�ލ��¹�u��.��z��Ȑ��Lݲ��i�@��.�F��R�'g�0N6?�!�� bJ��T��G B��K`5 ?v�ʵj��?�k�y��@��א�D"�l{��#�f6��Yuҍ�憺|��5(٬��,�G��mRk�0��tp��w��>ˢ�` ��eW��RN^s|V`��7N^=�;��֬"6�X�ߠ>�MRGj��x�8��S5�⼳>O~�Vif��i�q��\.��WSܷ��.�ϲ%׿��e��G�e�K�|H�ܽc/�S��r��?*t,xV\� ��c?1�w�]51L�c�_�"�L��H��W{�m��9g�&9��Zd��Ul�˿��'�F7Q=�v�qK�XW��g��ܔɌT �A�BԌ�_�y��?v��3ʙM� �r{Ӌ@Xe�.�5�_K�#��<�t��oq�1qQ��!sM>O��830�6��N�zXOT�`\�"`��-��k��WSfd�6�n[~삍�n�ɣGeM�k��fp��{�n� =��:�c�u,%|2��Yz\pLx��d^��Y]�1]ƨ��m�\��c�� Kܗ��ă��241��c� ฮ��YJ��5�m[L�w��"�˅��A�� +%�FAc�ND�+�(��3�i�U��O�p;&@��M�E��K�ګwO�(�\&I�)k��J��}��+ve@3g0\[�r��/��W.��5o!��؅pnO��6�ˣ�Э%1Ç%L��˹2��N?�6��Nn�0x�-� �@��M �!d��=w`m�*��5��E��s j��K�{&^�u��{��{�b䤱=i��O�o�ͽ>1/��H�-��Ҵ-��r� B�� C�Q��W��C�T��ǧ��ʔݟ�Gn��2�=]��%�y4��`��&��(~=��-+kň$k7� ��Y��+$�N�)s�1T�H�� -m'��k�ˤz��dA�.�I��jX&'�&��)�K>��` I�7LdQ�$0��X��k:#`[��ʘ� ��)/�Ӛj�n �w+�Y��̈�i]u,�Hy�� z>�3��v��Y�t#G$�@�yu<:�^��lO��?�脆p��V78X�ų'�9\vAݟ��н��O��ފ�� jw>O#�#u��Lؐ� a� �ңf==�3av��Gs&��]6��̣C��F@��6Q�w��Ҹ�"�� O�it�3@}�0T��Y:VU�vβ��.dh�)��=��V�I`�� [d)��#�R��f��F *4��S��U�7h��KLD~��W��S��9��O ��y]��5Э�5NX��QXL��;��wc��ū��`_��Ys��~�-+��!��h!s��8]��2��vO�o�{�LC��!Y�!��G�r�;�/4��<�!�K_ɽ��J��[�'��d�jLȩZ� VӅ8�<g%�m��U;�(�WsU��'F��eO ��c}�8�p�y��1ؐ�QQ|��o��)'?�+�:�HN ��NI� ��v�H=u��%.7�~�% +�B��ϓ�b�ڠ퇮��kJ�3�q�#ȼF�y��f��v�Ez$U� �� ^t��%6�z(�y/��b��W��r�-n9���h�G �:ߔ�lkO��z�+�8z��'�bdct �!��M8��e��D�q�QY�|��D��t�"�e�}v͇��#z�K�md��5 +��X�!�_�J�E̠��\��-|�Fh��ΕK�e�?�im�D��)�j��`G��Á'��bG��V��Y��)� ��h|״#L��7b(��a�"��I��=��}0�^B��8f�Ӊ%��(��Z�d(7)��#��)X�F�Qك(6��o��SEZh`B!��i�R�}��ԁE>��GܠcR��j'zMG��3}xn�$O�[`FOZ�C{lE�>�}��b��oov45�뎚:� Cy"�Un|�K��2_d_ p�)��mS�&d�LH��)��.3�� +��;`��{��0��@�oV�1��|�JM�}�iӡ|�F�]�@�;N�C)��߮��UHԞB�3��dk$�=�{�Z#��U��S��s�:5��kG֦2i�.�5�Ii��p��0��Y��D��Ѹd�{��z��mXJU�A|5�nt[��F4��L�_|��z>

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4879f554db926d1fbbea436a3150f9ae

Headers

File Characteristics

Imports

msvbvm60

kernel32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 15KB

.vmp0 Size: 160KB - Virtual size: 156KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 48KB - Virtual size: 44KB

.reloc Size: 128KB - Virtual size: 125KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 15KB

.vmp0
Size: 160KB - Virtual size: 156KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 48KB - Virtual size: 44KB

.reloc
Size: 128KB - Virtual size: 125KB

.rsrc
Size: 4KB - Virtual size: 1KB