d4baae26607f61437272254e7b207378f42586efd84e901e1ca7661cbc06a4a0

Sharing

Copy URL

Twitter E-mail

General

Target

d4baae26607f61437272254e7b207378f42586efd84e901e1ca7661cbc06a4a0
Size

7.6MB
MD5

66695cdbe8004e146325649b87fc965d
SHA1

2b146ee021791cb8a6c14365633c591831e4d2f8
SHA256

d4baae26607f61437272254e7b207378f42586efd84e901e1ca7661cbc06a4a0
SHA512

f603cd20640eb71a9eb084e4da7ce5282b75e5ed9cda353ccca4ce584ef632f5be32b0accb3e21d8c7bb6573ac989043e1cf4fe3e3bcb124f0b2e3a4c9381215
SSDEEP

98304:qdnDUKApiZfKUrT9Iipm+Wzn5GLcZJrRsXVXckehQM5oyXeRefyKKgAvtfvo3v78:qdDUu36ito5GLcHOEQbyXeFVZvMHA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4baae26607f61437272254e7b207378f42586efd84e901e1ca7661cbc06a4a0

Files

d4baae26607f61437272254e7b207378f42586efd84e901e1ca7661cbc06a4a0
.exe windows x86

e21e7110fb43623ded4ba159c5b940f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutUnprepareHeader

ws2_32

WSACleanup

kernel32

WaitForSingleObject
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DispatchMessageA

gdi32

ScaleWindowExtEx

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

SafeArrayGetLBound

comctl32

ImageList_Destroy

comdlg32

GetFileTitleA

Exports

Exports

|�"K��JF?��]��7|1�5��sѴ@jɾ��CV� �;�]��'�^շ�\��"��nś��~w��¯�*䜝ۓ�n��N-��a��nGr�(3�/�gj#��HjT��F�ͭ�V��&� E��Ú�&��ͥp��߬c�\Ґ�8��Y�*u�m��.U1'n6.�/��C �:i��B�� S�m�R/R�Mi��i!��e�Q��Ȃ �Z��:R~PF�s] �m��ݪ��A&��G��DhJ��>��8��lI�V[��x�?��v��7�֤V��O�Z $C��r��9#1�_22X}@_R��T.o��JMz�1$��b��`�֕q@z��V'�뀟y��쥳�e��-f��h\�K�|��&>��U��L�1�|",]��R1FC�_Ӄ�8W)~��#�7m�#�H�6�Z��[�'#:��[��t��x��L}��+@��c��مz1i�e�x��B}Q��J��k��<��ae�o�n(�PO{�O�s��&L�f�tACwH8��#U��W��P�9�)��',S�S�<�:*�"aC3s9�P[�#��!��q!�]��k�L)�'��Hw��M�"��\��ւҲ=m^9�l��M�d��r��.��c_��1ڒk*+��j㱁�wK�FSXo�ri��fԲ'47 �[��-�2i�ݲ�s��Z�h�[7��Y1��[��=//�:A'�Wr��\�J�C�+�)��48��ݘHw� ��?��X�_Ҁ��5��ly��͊��Kf�,��2D��rsu�8�(;�z�U{kx��Ҽ�i�~�D�~褩��p�[�8,�dg*KKХl�$;eMN?�Tm�w�u��^��#�*T��xrn^� cF�}r�x�d2��"lu��"م7��)h�>��YN3X=��:��8�ϋLhZu��x~�]Ä�5��'L��y<ɢOBHr`O��&�Z _c�`�nlyl ��H$;��0�>��|\��ۢ�<�[��t�^kI`}��јðXEuT:��j��ߊŷa�d=BŜ�BדVNkK�R�1��=n��V��^p��`U/��0�y{:u��D��Q��:,��o:��Ǧ<KC�� p�e��H.�� I��D�01�b1�yPy��7Sv�}��m�lxm@��(�#�ӂ�ov�X��&\�v ��8��{��Ū[3��O�p��F4l~ߺ�@�RO0ʹҞ=<��0�l��Ҝ��L��o�X��)S��y��e��H>�%d<X{yy�6�YJ��>�� U��r�"=�׺V�]$��J��?ձ,��Q��Ѷ��}��}-�Y��GW�ԙުs.u��imC��\b,LM��GqSF�K��9'ۗ�Ѷ1WM�;��Q��PF�M�4W֗�w5ƊI�릉Y?_�Ca(H H��0&v2T��.g��)��Z��?q��'+��s��Q� ��E�Π}�E�ߴr��G��V�<��^<��C��ܿRi�Nk��Zo�o� b��1��0��PR)(sQ �)^�`��\5$��Qx�YER;&�[��զ:��3+S�QE�=3��3E� ��sF^6�]q�J�b�YÇ��"�ze��<�P��خ��.P��/�%1��Q�=�m;�kO��I�Hۑ�'��P��4�s�geK�G��5r�l��@Ɠ}��g��1��pF!��ܷu��ld,��W"u(I�Ƌ)�dD�^��7Ngiy�� ?,Z��{��آ�c8��7tKn%��1��띨�'C=��%/��0.0��̓�&��ME�� d|W�JA� i��rm�!�3�HB�V��+BTZ��@�<��Ȑ�7�K��V$�l�l��V�͵?>��B �Ýj�_��=�2�Q�Tg��s:��C�j8�}��#`�{X�Xgq�:忇��j�k�0��U��x��Θ��(��byzTFj�6��53�g2d~�'�᧰�D��j�,�^�i�#H�cP�duO[�� j�DI��C]}�UҌ�u ϳ跋%ʜJ��d��9�H��o��.'C��C��1��K�Z��M�D��$��x��tz��aO��5�lS��]u|c뀞�{}1�nR�U��(Ar��A�><��a�(��X�*��5Zg�9�G�R@��`�;�^�-�loU��d��AX�<-��Z�O<L?�iA��qt ��~��;ل]"��ߊ��v��P%��^��:�)��*j�3u��Iϴ�i��:��PLP';s+n �A��a��T&��%^6q�^/��wӴz6�l��E0�u��~_��6�}��7�@��\}�]�`��jm��{!v�*�r��|��u�#S�`?� :� ;�r��Ӂ�)�k�0ݘUÉ�hk�,*��E��몢��a9*��S�e�I�IaW��0��EF%F��bjX�Bѳ+S��R� 0/�T�OQ��RLR��n 4�<*�P4�(Y�G �*$Mqо��eMDͳ�/��;��=#�A;�q,�7�� RH��Jgq��e97��BP��uv�&7%�}�t��u'VZ3 �t�?UE�.ld�"�p](�-�9��ҕ��>��+g4j8@>k��D��j�� ڐƤ�h�f��^^�K 5�]O.� ��m2��?��M>��r�q�j��n��;F��F�K��R�� X��΋e�9�e�< ��J!89��v��m��%��ڬ��v�=��,.��|��P�jM�v��+�<ֆ��oK� q�d'M�Z�~��2��uD��C.ދr=� d��p�:�av�.h��S-+|*��p5ވ 髫V>��\��,�k�wU�/��%D

Sections

.text
Size: - Virtual size: 929KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e21e7110fb43623ded4ba159c5b940f0

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 929KB

.rdata Size: - Virtual size: 263KB

.data Size: - Virtual size: 394KB

.vmp0 Size: - Virtual size: 6.8MB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 7.3MB - Virtual size: 7.3MB

.rsrc Size: 288KB - Virtual size: 287KB

.text
Size: - Virtual size: 929KB

.rdata
Size: - Virtual size: 263KB

.data
Size: - Virtual size: 394KB

.vmp0
Size: - Virtual size: 6.8MB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 7.3MB - Virtual size: 7.3MB

.rsrc
Size: 288KB - Virtual size: 287KB