e66a6e8fa752429a7b2c0c2f8189e0ab1b6f7f151b2b42ef680b57a73f5387bb

Sharing

Copy URL Twitter E-mail

General

Target

e66a6e8fa752429a7b2c0c2f8189e0ab1b6f7f151b2b42ef680b57a73f5387bb
Size

15.6MB
MD5

4f598c206c735adea993de11d2b5ee33
SHA1

35137ed6fb1e41fa3c4a5f5cf07ce98783aa67d9
SHA256

e66a6e8fa752429a7b2c0c2f8189e0ab1b6f7f151b2b42ef680b57a73f5387bb
SHA512

cd0443604208d2f4a9796c33cba084aeed0f8fdc0ce7bc9778a2013605bc5c16d0521ef7be7e1afb3a6a79ed6d48a17c76bf568dc799062914aa0f12edacc750
SSDEEP

393216:IP45wldQm6da4W7KW9i66rKQ1F2vgeF5TAkx2GPKN5O4:488Qct7n9c1I4erAISNY

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e66a6e8fa752429a7b2c0c2f8189e0ab1b6f7f151b2b42ef680b57a73f5387bb

Files

e66a6e8fa752429a7b2c0c2f8189e0ab1b6f7f151b2b42ef680b57a73f5387bb
.exe windows:5 windows x86

fdaa6b2d564dea909b204d132fa7fb7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

kernel32

GetVersionExA
GetVersion
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

iphlpapi

GetTcpTable

shlwapi

PathFileExistsA

ws2_32

ntohs

version

VerQueryValueA

user32

TabbedTextOutA
CharUpperBuffW

gdi32

CreateBitmap

advapi32

OpenProcessToken
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

ShellExecuteA

oleaut32

VariantTimeToSystemTime

winspool.drv

ClosePrinter

comctl32

ImageList_BeginDrag

wtsapi32

WTSSendMessageW

Exports

Exports

iv��p��w�Z��U+��x�D�|��V��x�{62s�$ _��r��a��e��>��dD��b]��qcc5dJ&�酯��;?X��|�7�?+�i��t5��pC��$Xd�D��ŋ�s&��0�a��լ��'��^��g�9i�J�<�~��]t. ��5 �$��sG��h�I��P책沃>`�!�$�8vi��vy��X��|��8�S�B@l+97v�5#��֣�o��X%^��E;�i6��X$H�Ζ��t�K!Od��&�Ӆz?��⾡��K�9��؁��UA��|�`B{��9��Â<R��8Tx�K��Z^��nH��6��q�\8�f� �W��@AL+X`��}��-��E�i��E��P��u��{t��>-$ʳ�F��Ŧ�l��!pŰ��r`�t��sm0�"��ڡΑ=3��i��a =�Q��3��.Jie��(�O�k�k�Hەm�̮YH}PCXgf��h3��R�I��gͮ��vj#�d3A"7�p�G�7�=�ܔ�y pby"zʜ{ ��N\��9C��"Q�l4��Jd��r�m��u��mIP��#��Nد2�䘹3�L3"��m�.*�p��mhDv[�ɯ4\i�yQ=��e�T ��r��-��%��H �z�fl��O��2��7��bw\�S��xy�8�/�]�U6es{�d �6��M�C�+��y.��5��p�3��ö�h�#��A��&��ю,��-_�}o5��# �ACk��V��!��{��{��"p��6��m��b��b�2^ֵCN0xC�>��o��i��F�pnW��M$��V��K�M��o�uv�^��j��AG��h�#��م��á�Y��i��ّ�L��n��*��{�\��v��5f^� UQ�׷�A��)�%At��H�D��Ȋ��m� 8��&V� ��![�ޭBHd��v ��d��ZNn�0'Eد+ݳ��t�cN , uyk>�(�Έd7Y�D��9�&:�~]� ��Gp ��h��6!$��}��۹�m� / ��ؿ[,:pO��ٱ��+q�-2x$�f�MF�Y�]��{��!jI�SJ�q6��,c�z��9�DV�Kɥ��Q�d$��x8P��I�X?ФLz��5l1�=�7!�)D,e�2�v��/0u?�ꁟF��B��@#m��ܞ�G�qc4 ��R�lB��r�=��J��Z��D�䖤k�l�T��>@IZέzG�I��_��uj��z�z��6/�wCv��j��h|�\X8�O��B��KBa��r��Μ2��[ �q��x<s��A�|��ݥs��I�F�)��cPM�O^��X��>�\;�ӊƽ0�G�*>�'iJ��)H;��c�M�Tqb��Q��,C!�I�eh�� 4ڧ�H�T/��|/�N�A�l��޲�ۉ!�_S� O�B�B�ψ��ٷ )f1�jmO��d�:<P�;�t�8@��tk �&^4n��r��?��t-�u9y �5upQ��N�t�<v��:��j��CqC��Lp��F�B��d��D�j�F��d��QW*N'=v�3�@��3��ˏ�o�$��x�px<�<dA��P�S<<�^�74��Ck�*u��b�sW=f��T"K�� v��|Z%1k_��1��Q.b�L:!>�ݡ�g�}*�[z%ufj��bv��ws�(�Rv��S�ǂ�>fh�w��3'ᓞq��4�VVB}�l�n�[.�g:��H{�-��Oz��妭��y��v;�� k�m��q;|] ��L9�M��U5��J#x��1ey 4��&��+Y��H�{᦭>]g�9dOu��E;m;�j�=��F��T��΂�Z�_1��D��/�V�F�Xf5��k�w�w^_�T!G[�jp��i��j�aK�=�8 ��1{�:|��G�,O�(:�$j��kv��3�{u W��B��0kGf�n�O' ��w��fuE�q��d>�� m��NN��Y� X=;��i�$o��W��:�g.�X��ו}�x��䜴O9MS&G�H'I� bK�G�c��A/,*��`�'��K��K>@�T�-�b��#��Kh�c0DY��.��)J��A�yR�2`r�"��mgE�"y<g|l��kͰ+ܚ�BR��i�"T8+��C�ҷ;U��;�Hɨs�X϶gj��g�j�t�Y�8?.�D��3~7��>m��f�^��V��.s��B�� b��9±"YA��U��B~Z��S�oO�>g�v�݌D� �E�͝7FW1^SE�优2,yls��x��,�"߅,�쑩j�I�W>�*�2�8_/��}��>J6/�|� �.��P��4�x=_�Th��[�oz9ڻ�Ż��0|��x��{SON�|RE��%(��,�^1(|�R�?t��,W\�fq�D�pt��"Em"bZ�7�2Ar �F(�ĭ��Xe�2y^��T9n�X��C��aԒ�0¬ �yl�*�M��z��TQ�E��>�|%�K@W��0��>Yh�'?ǩ�PR� sx�h��,�n��j%�`��}U�Dk7��s��2��h.�I��m�N��h��B��Bíￛ�BN��O��2�b��/�n(ΰE[�z�|_�A��.��c��U�?ב��b� bIj)Ts:�Wf��=��;��k�Ud��pٟ��+- ��o�u 7��@UH��! =�Z��|��@5��CF��fKh��)}]wJ��j�(a��[�+y+y��)�

Sections

.text
Size: - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 14.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 15.6MB - Virtual size: 15.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdaa6b2d564dea909b204d132fa7fb7e

Headers

File Characteristics

Imports

winmm

kernel32

iphlpapi

shlwapi

ws2_32

version

user32

gdi32

advapi32

shell32

oleaut32

winspool.drv

comctl32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 613KB

.rdata Size: - Virtual size: 22KB

.data Size: - Virtual size: 1.0MB

.vmp0 Size: - Virtual size: 14.6MB

.vmp1 Size: 15.6MB - Virtual size: 15.6MB

.rsrc Size: 4KB - Virtual size: 644B

.text
Size: - Virtual size: 613KB

.rdata
Size: - Virtual size: 22KB

.data
Size: - Virtual size: 1.0MB

.vmp0
Size: - Virtual size: 14.6MB

.vmp1
Size: 15.6MB - Virtual size: 15.6MB

.rsrc
Size: 4KB - Virtual size: 644B