9d986ab6a931306c8bc551c4b15b216cbff1fbede0be18d26b8bc4e1c25e634f

Sharing

Copy URL Twitter E-mail

General

Target

9d986ab6a931306c8bc551c4b15b216cbff1fbede0be18d26b8bc4e1c25e634f
Size

1.8MB
MD5

fba15d76e3fe38817fa1a8fce66b1593
SHA1

bbc022bc12895bfd9787635bc31fef3a79daef9d
SHA256

9d986ab6a931306c8bc551c4b15b216cbff1fbede0be18d26b8bc4e1c25e634f
SHA512

d863cf108e6f30c26d39da9351d54c29ca1eae994d1a493a1c13a9fa4ea6575e7a84595eca52dae50bfc717eb127f06fd3caac12a9913997ab380a401e60c771
SSDEEP

49152:m+HkWECTRFL4n3S581L2O3j2b73QVWMy:mWkWECTRcTNH3j2b70W

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d986ab6a931306c8bc551c4b15b216cbff1fbede0be18d26b8bc4e1c25e634f

Files

9d986ab6a931306c8bc551c4b15b216cbff1fbede0be18d26b8bc4e1c25e634f
.dll windows:4 windows x86

4879f554db926d1fbbea436a3150f9ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrAryToUnicode
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaStrAryToAnsi
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
__vbaCopyBytes
ord550
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord660
__vbaBoolErrVar
__vbaLsetFixstr
__vbaStrDate
ord661
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
EVENT_SINK2_Release
__vbaForEachCollObj
__vbaVarPow
ord593
__vbaExitProc
ord594
__vbaCyAdd
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
__vbaStrFixstr
ord520
__vbaFPFix
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord631
ord709
__vbaErase
__vbaNextEachCollObj
__vbaVarZero
__vbaVarCmpGt
ord632
ord525
__vbaChkstk
__vbaCyVar
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaCyI2
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaCyI4
__vbaDateR8
__vbaObjVar
__vbaI2I4
ord561
DllFunctionCall
__vbaVarOr
__vbaCySub
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaUI1Cy
__vbaCyUI1
__vbaR8Cy
__vbaRedim
__vbaStrR8
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaStrUI1
__vbaUI1I4
ord710
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaPrintFile
ord712
__vbaStrToUnicode
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord714
ord608
ord716
__vbaFPException
ord717
__vbaInStrVar
__vbaUbound
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
ord535
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
ord648
ord570
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord571
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaFpCy
__vbaInStrB
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
ord614
__vbaVarMod
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaFpI4
ord616
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaUI1Str
ord540
__vbaCastObj
ord618
__vbaAryCopy
__vbaStrMove
__vbaForEachVar
__vbaI4Cy
ord541
__vbaR8IntI4
__vbaStrVarCopy
ord619
ord650
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
ord548
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

kernel32

GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

\1Ɣ�kS��Z2׷[��P�cpA�'#�(��2%��6��V7س#��vP�hBb��L�@�PHa��G#�`��/�4T��t��k�}��A��7X)�LР�7<7�=� ��C&�VC)��s�\B��D>*��ʎb�\K? �� 9�5?�jW�8}1��rQ��c�1Zӌ&��י��V��d! �^�YMeO~�N'e�o��ؚ��%{ �Qe�\�6]�:zD��o+La��O�G��;��q��g ��s�, YT��J��Bm�f��57"�ͷ��t��`�A��Yj��(z��_��W,5��0�{g��&��S�\P��(�i�|Tz�*��:�v�V��Z>��DLq��_��8_P��^|y/��L�S�-��$��t�� Z��@�S�{��>��9�o!��T�:q�x�vW �zc�!+�@� ��L��F�q�3�ɂI��Pڇ��$vY2Y�!��WO.��H�;��#��><�}]��=�z��H��!.��QDZl�>�w^,��{��6��!�c4OL��_t��*q$}cQ<�qD�2�� "��Y~��c�A��W��\��?qm��kɊ�~5��P]p�#��n8�U��i�c7��Dc��d��b8��Ԙ��j9��2��-��p�3,Vs�d93��<��'K��M��Y��;'n�� 2l�4��a��fΐ��D v��cĖcH�Ή�_s�/Ґ M�EU塤��0(�|��z(R�=�h�ʈ�w6�q��U�t��u��vWY="H�$�j��>Vz��)P{-�l��n<��C�oTn.�'*��$EE� B��V�?��j�U%K4ðV��Nm��9��v`��۟�q�O:�@��g2�#�w_��Ep��G�q �UK��MDZy1��3�ȳ�:�0�P<-��Ǹj�X>.��'cv{�m��,��{��~`��<�OE^85�q��\@U��` �T��T�n�3,��槴j#��XYaP�r³��y�{\O[u��-ܧ��K��k֓�(�-0��L^.!e �G��*8�5/�N��&��_�x6_ �2��$]�>M?�j`�}�z_Ȅ��M�� @a�[%��yBM��lS@�t��di;ɐ��h�{�U� 3=��NV��i��W.jD]�^;��H�,�N ,��s�Cߦފ�ܞ��|n'U�ϰ��#N��vz��:�RKM�X�"߫�%�;ց ��n�֊��:I-��w��)'�_�m%ӟ>M��Wu�H.��u�3Ag��1Y��g�{�� vU�-p��t�+K�JH�0 �Q<�R~2� �`h��lu �d9��V�gxJoA��V��VQ鬆�� B�۷��X�;r��s�H�w�T)[��K$�2e��F��L�`A��+��:��a� i�S~=��T^!@,��L4��&7��w([��B�]��p�Ռ*�h6��>k�c~��0��ɤ)hQ�"OMҪ��=��f��q]��\E�p�0��?0�YeJ�� 4��ã�+��A9� kq�֖��2��2�c�ԫy\�&��R�+c}\�k?:uT��@��20a<=�!7{O(W`�2��"�/��<SHq�1ߦYݐ��A��E��g�a�?��|�ŉ��g��.a�.��a�g�m૬ʥm��^s��$e0|�|�SN�n��:sm��Y��]��2��/��M ��J�-iu �<Ezy1[�r&^�إ� (GGؙ�H�DN~��/�e��F�0ޞͅ��r~�׭Rȯ�w�g��ށc+�8{k��T�&��-Ĩ��1��mFq��W�+k� J{��P�Z��$�� 4Y�8��7*�c;��E� ��ͦ,��i˧��F��R��;�9��0H)vk��3��а�<�*�q�a��d�G��?ŀR�UD�ZRї ��X�395�/ڿ�ji5��j!W�iEM��K��Aq�0�q��E,�$��һ�g�A�to��<��u�ƞ�u� +dZ��>��)C�3MD�S|1o񡁤��obkkk��MJ��#5kT�fJN�ę�c��hunt�O{��O�K� I��$��q|��%��SN߄�y� �=�`��q��j��a��}��!g��Z�X�"%��^| IPAu�sѤЩP��T([��ND�8گ4Jg�9�ٜt}��f�/�L�o-54�G\'hl��3� g ��X� k�dw�hz<�&��=� ��Q}��'� ��tW��<��یɸ�g�j�2 g �ҵΉZ%c��r@I!Y��7�DL�9 cu3naM��Q�Q�� :��]E�S�yQ\��篚"棕І��(��[��h��HwW*i��NL X�\A�Jp��}ѝ��.��zE�E��e�y�E��t 3I m��0o�3 �*b`1�@��M�u��u��!�3�!��B{��g�IrJ3�89�Z�ؓG"{�a/�>?P �׋�� h�S2s"Q��5�a�"��e}��^��.�>2�3� +u�PWyIN��#�� f��.`�,}�K��ZM�撩� s6^J�f��n��X��w�H�l�}��E�c�;��i4JН �׀d4�^Z̘<Y��H��罶"�!]��N��SgAz��#0(�]Y�U�05�:n}�32?��s��N#�GH*DqW>V�&>[o�*��a��nʜAsd�o@p��=�!X�U��)��Gu !5j��{I��N�n+��P�b�� u��!�ty��

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4879f554db926d1fbbea436a3150f9ae

Headers

File Characteristics

Imports

msvbvm60

kernel32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 15KB

.vmp0 Size: 252KB - Virtual size: 251KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 44KB - Virtual size: 42KB

.reloc Size: 128KB - Virtual size: 126KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 15KB

.vmp0
Size: 252KB - Virtual size: 251KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 44KB - Virtual size: 42KB

.reloc
Size: 128KB - Virtual size: 126KB

.rsrc
Size: 4KB - Virtual size: 1KB