a8fb4aa3aab6201dcf2ddb6816fa4e1da2d49a4aa5ecd1572194b5f8c7580e8d

Sharing

Copy URL Twitter E-mail

General

Target

a8fb4aa3aab6201dcf2ddb6816fa4e1da2d49a4aa5ecd1572194b5f8c7580e8d
Size

548KB
MD5

90d3c024b110ea88bf779641447317c8
SHA1

8133632a785db8a9d88c01ca9e5dffdf64d968f4
SHA256

a8fb4aa3aab6201dcf2ddb6816fa4e1da2d49a4aa5ecd1572194b5f8c7580e8d
SHA512

8e0ff9119742511613538444670b117c83ef7a0712cefaac49e7a50c002ea0009cecd9a861f7a81a24e85e5e0c67f5f383bd19ed4ff743a61ce28a9c75b558ba
SSDEEP

12288:2u6Gt+jRQK6hAurFlGsel2e1DUcgTmXx7fmG2v7Yh9/TyqAK:36i3Mse8eI6FfcYh9+qA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8fb4aa3aab6201dcf2ddb6816fa4e1da2d49a4aa5ecd1572194b5f8c7580e8d

Files

a8fb4aa3aab6201dcf2ddb6816fa4e1da2d49a4aa5ecd1572194b5f8c7580e8d
.exe windows:4 windows x86

fcc972b66a4379d5ec6399afbf3f2a16

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

OpenClipboard
MessageBoxA

gdi32

GetClipRgn

winmm

midiStreamRestart

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

ioctlsocket

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 532KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcc972b66a4379d5ec6399afbf3f2a16

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 506KB

.rdata Size: - Virtual size: 80KB

.data Size: - Virtual size: 134KB

.rsrc Size: 8KB - Virtual size: 22KB

.vmp0 Size: - Virtual size: 159KB

.vmp1 Size: 532KB - Virtual size: 528KB

.reloc Size: 4KB - Virtual size: 232B

.text
Size: - Virtual size: 506KB

.rdata
Size: - Virtual size: 80KB

.data
Size: - Virtual size: 134KB

.rsrc
Size: 8KB - Virtual size: 22KB

.vmp0
Size: - Virtual size: 159KB

.vmp1
Size: 532KB - Virtual size: 528KB

.reloc
Size: 4KB - Virtual size: 232B