98a3c06d8c98c549d3cbb06055f912842da5b85f30815030f8eaa0ec051a4e1a

Sharing

Copy URL Twitter E-mail

General

Target

98a3c06d8c98c549d3cbb06055f912842da5b85f30815030f8eaa0ec051a4e1a
Size

5.0MB
MD5

f965c04378bc1fe1f40b323f23ba9f6c
SHA1

8bd3c62a4a66b2566992c418867c6609f7b462a9
SHA256

98a3c06d8c98c549d3cbb06055f912842da5b85f30815030f8eaa0ec051a4e1a
SHA512

5c3e0ae846087d2ae491be92fa7030b55ddd53bc8a500dac861e395a53781a130e1e650543e28e0af4284abfad1db6b9c04730a97c72f52caa825ae92457a7c3
SSDEEP

98304:HcgBSRWkfMTM1aUanZ3Cjc9jrn4tNcCjvH0mB9wCjey5jVmUsqXE3nCz9q6Qic04:HcgEaznZQchrnMN9vH029heaUUlU3CzC

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98a3c06d8c98c549d3cbb06055f912842da5b85f30815030f8eaa0ec051a4e1a

Files

98a3c06d8c98c549d3cbb06055f912842da5b85f30815030f8eaa0ec051a4e1a
.exe windows x86

5f8a29224bdee2b5ea95dead532f0293

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DrawTextA

gdi32

DeleteObject

winspool.drv

ClosePrinter

advapi32

RegQueryValueExA

shell32

ShellExecuteA

shlwapi

PathFindExtensionA

oleaut32

VariantChangeType

Exports

Exports

b�{�3#V�}��%@��\�� V�].��]l9�bx�ـ��o �[�Λ��ډ,G��t� �гkR+�[2�k��υ]53��f�q�qb�!� ]�K�]��`ݯ�E��͘6C��xs?7 �k��X��A�!��rV�Ej��8��&�6��]�5zԐ?��iC�mƘ�.5Ⱥ��kb��-J��ݪs+�q��g!(gP��#ڄ�A:��4�:NΖGa��{�� L)��K��I!?�*�,%�;_��OZ�%-:Tp��(0�;\1�̱�,�8/��s��cf�A{�`��l� �C��;��-?R��rJ�J��6$u�Q�LE��G��a*"&Y�Q)��3M��\7�r��@h�lpJH��͸��lŖِ�>�c,��dW}�lպ;��m��eE�F!�f��ؙ��qʙ�Gٜ��Rұ�+��*ߕK��vD��Q�;!E��39��$}Kg��o^�vʍA�� i�|�'e;��zo- ��ep Q��1��_��0��|H�iH�c~��X@�F��K��0� �L��Ds�_��U��u��%��ܐ:�RUkT.��j&��N$ӷw��L u)c��S�>'sA}��_� |"��.Px�� $�~,�+ m��fo�OK{w��:v�_mI�IFi-�_�+��I/�Y�?Ja=�Ҙ��T!6��V<_�+� {Wnv��Ъ��/6i��*i>�^Qp�M�ٞ�T|3Y�u��8ؔ$�\Q��n��*��9��0��u��|*Ucz[�n�/��)͝��Q��#1��M�Pco��;�QH��W��u!v;j��g�W�D�^�Jk��R2��#RD��)��^�I?t|�s7��Mk��.ؘ��4a�vZ��^�2m�_o� b7ň�T��j��"�-ԦM ��Q��r��1쇐O��Ym/�x]��if^�=YGA�p��aj��o��9�f?�M}y�aLX��]��ȉ6ζJa/��-��T޹�<ǥ��ٞ�-�ݡ`V��A��3�GJ�ݵ�@�s��<� �M��5{Â�h㲪(�)��Q��/�Ҫ.��v��JM��Zl��Tg�KBz`�<��Cw��]r]�Vڗ�\�PC�Jl�@Kj� �P~2��I�Rf��A�|��Z<a��Z��%|f����و��>��1�E6�R�ǧo;��%L��O�Y��S$�a�I��j�3O��tX&�c�PWM��0�k�r�`/b��Cw@��i��O��Hpk�Mo�%X(��p)B�j��D��.sH��d�(��BQT�nu��%m/`_��/��y��v�: _ٱ��%kb+��/ҟ[-��Y�+�34��(�lo ��Qξ�>(]��Ad{m�K]��<l��B.'bTX/Yb6�`�On=%��K?��ї�!�V��_g��)�h;��n+�e� ��ğ>��qX� �K�|a}c��m��:�L�D��7��b��b=��uL�1�%�w�owsdiyQM��n�p,|�$e��X�� ց_�cU��RMs{?��%��5~�R�7�NG5�u=.�Zq�įVWj�� ӫM��~��Vi��SY��@�ʼن��}c��2MÅv͡�H�;��w��iԏ��o�lc�_Ҕ+�YASU�a�|��C{�Ld��xg��J�r�c=��!�*q�Z��l0;�Wi�6��m�M*��XJ`��z4Zbp`P��"3Y^:��W��<j�5�(��A>>�(5��h�E��%B�ڛ^��/V�'��:lߚÕH��; dl�"ïU�;��+Ć��/�ַ,��t�oݣSm�4�<�j�T�s��-&�f%�k�rf��b�7��ηz��/p|�fv��%��wXw\�o�5�.�?e��/ ��+1��;�� Y��ξ��Pc��e�^Ayo��w-ݽ6n�Ehs��q�J��Q�c.K�)��&��68Kb��`Ԋl�ń�g!�!�Jl��}_=�4�Hӻkz..q��Q_�JuH��8TH͵M��A��xDB��9�~�F�'$�N#Q3��A��3��4��<�ZO��s��Zh�-N�x`m��&{��WYy byv[ϱ��g��|ƫ,։��G��OĈ�K��d�ԟ��5C��x�A�8�ֆ�5R��B�摑��a�缢j"��hڑ<p��i��Ѽ�:�y�k�7�C|��Zp��TVE`.+�J�N.+j��8P��ts��0?��$�&��!|�_]�[8� ��98QS��Q�Қ3Af��+��sCU�L��d��5N�n��b��z��T��P,�*�U9�!'1|�Q��;~5!Z;4}m�s�H��q-W 7[��2��l�O��w��H��˛��B(��P�#�,�S�I��a}<��!j1��?\��]�#�扲Г��lkk7��R#M>=h)|�7})��ݽ��sԮ��h��R��ɪs�]��Jd�;��j��Q�*�X11W7f��2��H(��5-SU�|�,W'��}Õɸf�T& �)\�_S� ��h"VbN# A��h��U{��=t��7x�:��Z߿]̲^֊Y�E�[T�5�x|�.��M��2K(��-s)��#�,��9��O�֛TR��$ ��AO<6><_�[��6D{��9B�y0��&,�uAW4�y��'�J��Q(i��G��$ ��L�&�<( %%f��v�#��Cn�Ee�A=��){��S��: Ĭ�I:�� =�D�;�#�d4j`��%3P��5�dc�ܶ62(��`G

Sections

.text
Size: - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f8a29224bdee2b5ea95dead532f0293

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 137KB

.rdata Size: - Virtual size: 39KB

.data Size: - Virtual size: 1.1MB

.vmp0 Size: - Virtual size: 5.3MB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 5.0MB - Virtual size: 5.0MB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: - Virtual size: 137KB

.rdata
Size: - Virtual size: 39KB

.data
Size: - Virtual size: 1.1MB

.vmp0
Size: - Virtual size: 5.3MB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 5.0MB - Virtual size: 5.0MB

.rsrc
Size: 4KB - Virtual size: 3KB