ddaa96ec59b7bb9a8fe81ce0cc7f373bae2135d4787b31ac999f45b6d8018d8e

Sharing

Copy URL

Twitter E-mail

General

Target

ddaa96ec59b7bb9a8fe81ce0cc7f373bae2135d4787b31ac999f45b6d8018d8e
Size

608KB
MD5

ff871e922b321983d78f1c4459f4abfd
SHA1

bf314c6fdc95f4a5e9d12ff121b0738f57b197cf
SHA256

ddaa96ec59b7bb9a8fe81ce0cc7f373bae2135d4787b31ac999f45b6d8018d8e
SHA512

5b6fc65d83e3da2c10be8b7dc1809f3cae8021eafe92fbee5df3530ae24000dcd8ce95217125cb5d34fe082b18e15a0fe411e1fea64cc09619dd6fc245eee3f2
SSDEEP

12288:5+r+cSVouZt9dfcee/xRu9QxExA7ZPbx6D4RKE:5o+6Ktoevyxp8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddaa96ec59b7bb9a8fe81ce0cc7f373bae2135d4787b31ac999f45b6d8018d8e

Files

ddaa96ec59b7bb9a8fe81ce0cc7f373bae2135d4787b31ac999f45b6d8018d8e
.exe windows:4 windows x86

9983d42a45353d7e0848caead7857cae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord695
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord626
__vbaResume
__vbaStrCat
ord552
__vbaInStrVarB
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaRecDestruct
__vbaStrDate
__vbaLenBstrB
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryVar
__vbaVarTstLe
Zombie_GetTypeInfo
__vbaAryDestruct
ord591
EVENT_SINK2_Release
__vbaExitProc
ord593
ord594
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
__vbaVarTstLt
__vbaVargVar
_CIsin
ord709
__vbaErase
ord632
ord525
__vbaVarZero
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord528
__vbaStrCmp
__vbaGet3
ord529
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner3
__vbaI2I4
__vbaObjVar
DllFunctionCall
ord563
__vbaVarLateMemSt
ord670
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
ord710
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaGetOwner3
__vbaVarCat
ord535
__vbaDateVar
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord648
ord570
__vbaVarLateMemCallLdRf
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaAryVarVarg
__vbaVarCopy
__vbaVarTstGe
ord616
__vbaFpI4
__vbaVarLateMemCallLd
__vbaUnkVar
ord617
__vbaRecDestructAnsi
__vbaVarSetObjAddref
_CIatan
ord618
__vbaStrMove
__vbaAryCopy
__vbaCastObj
__vbaStrVarCopy
ord619
__vbaR8IntI4
__vbaForEachVar
ord650
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj

Exports

Exports

��Pd��l�7�;aQ��,_V;��rQ��E�f��DU*�볽ͩ��Vuk>�PS<�L)��)jV��g�� ߭��A}��|ը��I�]y"�v�_�x#�V<�8��\��}@�-&�rd��l8�kd��ﾈܭ0/[�F�h��dA��\�~F��&�^=��~�wf��P`q:J��1�N�辏=�C0��H��~I�a��f�odc?�KN�d��6T)O��`6e��ur��7��4.��Q\�$vn@,�n��* �F��\�6��ץV�� J��5l�T��QAө��2!#̘߂ʌ�]��:�� rހ�H��ccOL��~�d��+8]��l��ɾ�*Y��ך_�s�� 5��2 �'��<��H��c��.��R��Vc��ř�Z�� [email protected]��j��]�L*IF�n8��d<�lP��j��EM�&��uQ�UX�"��e#��$�KOe�F{�S!�E��RַxPW!E�Jj%N�5�%��re.�B�A��)Uhџn��g��y6��h��F�a�>��>��[�3Ff]Ԑ�H�0��I��J�1�mP ��n�C?�"��[�� T�+Nj�A��¦s��6��Q�L�/c�iOE?PI��˪0X��ȗ��ߧ�{�ܙ}�u.�\9L`E4hk?�1,�!��b��|�4J(�MPm�䜽h@��/� �E�=8 OxL��o��"�b+��"?�3K�P�!oB�t[}��94N;�}�!".��\VI� [x��=�0��f�C��4��{T�̢9A�#u)�˧�3�aG��.�o��C�U�`��g�9 Ʀ\�JV��G��[��Ǻ�e�"܈�̘�@�$�+B�v�Zͣ��/p�pH��/-��d�c��n��Q��s�Xn5c��#��%܅5�y|��џt�@��}3vj��d"{��g��92ڬ]*˿`��/�M=n%��:��q��(㽳ˢ�j?��P�Am!W�]��4�?A]��5�`#�> [�tB�f��%�?pзYԽ_'��^��r$[[^��l��+�!&=�)��md��ȍ�2,��.3Ω��i�p��3��{ne�G��m`�óR~��I� �� wW]��яB��J��sZ;�kl�)��?��Q}A"��7I;��h��ĨG�h�<}̔I��h��O/��0JK�X��)�<{�oT�SX��jvwP8��!� �wׇs�g��F��H�A�.��b�rn�]iPK��s(��BS|1k�V�=�@�vca�ә��ʃg�xYM�wv��/,n�>�C6_�lhqVQ?��X�U {?ë�G^��l�f�AnGbf��2�-�OLK��_%$fl5�q��G��C4V%n�"#�?�)5 ��[��C�Oz8��I;z.��3�ָ��Ă��"TPz�3��~˿i�̍T+��)"�$��y��x#�Z4v��WR��0 � ��*��ZS7�mԯ��(:�� o��Ǝ*V�w&g8v{J��B��D��TY1��R��z��);NM�7�u��EN`�(m�y��Ξ��Tb�2��F�`�͖G9Ġ/5�<u�?l�}��2��C��D�<�ʃ��X0W�/�=Y~"��f��y�Єi80��0��q�:�i�Z��Z�q��)�F��uO�LMu��q��oh��/K4��-=��"�g�`R{�� ( ��3/�#<뷹�ZN9Y��fm�O�%#��{��T�!�}v�]:Z'��e:��>{�Me8YJZ��e�J��-�3�t�IJ~$M��}8��.��HR��w Jn�L��b��K� 7�q ��c�*�q�s5^��h�'Z��$e��b�E��o?+�C$��q��T �4��Mv}!O�oWZ�SwC��L��m�}�n�ڷ)��!��(��B�I�}��Gw�Yek�xMbGRF��3��=]0�prl��|�+º�GN��G{��>`�^q@�K��Y_.�P�ďg��yB76��qm��IP"�b��~�ZfN|��B�!O{�F��i�L|D�U|��Db�<�Z�Rm`��]}�{,�N�g��ܖ��,�(�-�*p��XI]X$E��j�f�-��:��c��*�l�.,HR[O��d?�ۦ2��-kEa��B��Z0�-��9�_]��{�$op�&��=��t��sg� �y�d�2o3��KG�T�i�n�2y:�yL�T��ȏ}�F��J�#��n��E@w��t��׾�:E��.`�Q��KN��H��Z�2�x��BCa�e�ۨ^��=-��P䅃�6��[��;�q\(��l�KU�p��*�L�b� ��w��k65��f��V.��.ް'i>`��8�mҙ��x~ː�� wX�A��i��^b��X��wǋvݙ1�$��u�u�ww��o"��2a��: ��q��!Y��4e P��S�{;��]��ӗ)�a}ר��:i0<=�'�tu��c�z6*�ACH?$KT�:�o�0pAc4��Y&n��Aރ��&ʩm� �ٖ�_)8�Nmr'-)cLU.n�fY�U�qY`�^NQ&�5�Om�<@�6~x��8�Wy��c��b��p�=˦<��0�_�hwQ��E�WJ��;�@Ǎ��ߏ��nhNI�OԘ��Gf��&$� Y�U(��Y�,=M�k_��>�՚l�"g� J��N/Q�p e��L��g��5ꎋ��\�}�6��$[;K�sR})P��CT��3��J�}��վ4D�i��]hz� ̙B��B8Φ�a��+��R�'��/A��2u�m��ʧ��)ן��Z��}�/ge@�HY&

Sections

.text
Size: - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 596KB - Virtual size: 593KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9983d42a45353d7e0848caead7857cae

Headers

File Characteristics

Imports

kernel32

msvbvm60

Exports

Exports

Sections

.text Size: - Virtual size: 98KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 2.0MB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 596KB - Virtual size: 593KB

.rsrc Size: 4KB - Virtual size: 2.0MB

.text
Size: - Virtual size: 98KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 2.0MB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 596KB - Virtual size: 593KB

.rsrc
Size: 4KB - Virtual size: 2.0MB