fb7b9f25adc2a0f6fb6a80666072783e34cb2fa2cb7412b14f4ff12ab36961a3

Sharing

Copy URL Twitter E-mail

General

Target

fb7b9f25adc2a0f6fb6a80666072783e34cb2fa2cb7412b14f4ff12ab36961a3
Size

3.6MB
MD5

aaa171dc43200068fb5fb0c1dd661a7a
SHA1

88b6df0970eb7c5a9426775ae71d02b4775ce0c0
SHA256

fb7b9f25adc2a0f6fb6a80666072783e34cb2fa2cb7412b14f4ff12ab36961a3
SHA512

8864b90a8ab6bd1d40b8de8cd849fb33449b11fc7f9858db439428f3f7a572d0bf8369cae878d3336db29bd7c75c86ff3115e529c9d5f6dfbde63233fa540acb
SSDEEP

98304:WBPv20s+XIDClR7ppYrCqiGDx3b9ajJHuqSYo0V6K1NW9BKbvDC2:2v20s+XIDCL7zXqiljc0x1N+0bv

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb7b9f25adc2a0f6fb6a80666072783e34cb2fa2cb7412b14f4ff12ab36961a3

Files

fb7b9f25adc2a0f6fb6a80666072783e34cb2fa2cb7412b14f4ff12ab36961a3
.exe windows:5 windows x86

1502926d1b7a9492145b80e187bf6356

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetVersionExA
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetMenuItemID

gdi32

EndPage

winmm

waveOutClose

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

LoadTypeLi

comctl32

ord17

ws2_32

recvfrom

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 483KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 841KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1502926d1b7a9492145b80e187bf6356

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 483KB

.rdata Size: - Virtual size: 4.9MB

.data Size: - Virtual size: 134KB

.vmp0 Size: - Virtual size: 841KB

.vmp1 Size: 3.6MB - Virtual size: 3.6MB

.rsrc Size: 56KB - Virtual size: 53KB

.text
Size: - Virtual size: 483KB

.rdata
Size: - Virtual size: 4.9MB

.data
Size: - Virtual size: 134KB

.vmp0
Size: - Virtual size: 841KB

.vmp1
Size: 3.6MB - Virtual size: 3.6MB

.rsrc
Size: 56KB - Virtual size: 53KB