8604a872a84efe5f6b1fb8952d093832b195f674e2d7c563afdcf13d01866dca

Sharing

Copy URL Twitter E-mail

General

Target

8604a872a84efe5f6b1fb8952d093832b195f674e2d7c563afdcf13d01866dca
Size

9.8MB
MD5

c53bee1898359b57db771036e1a727e6
SHA1

fb86ec3cca6a9a44e06be781480620d895d70bd8
SHA256

8604a872a84efe5f6b1fb8952d093832b195f674e2d7c563afdcf13d01866dca
SHA512

5656db8a518ce486efb5c4b32ced232e7cb4eb922ebe73f6706a60d82cf8897c9c11134b9d6269a3d77445c39296a7a603246bc828d6364dfa1b4bf01a08ec40
SSDEEP

196608:jItng7jX03xr3s5xDmn3M/6zpjAU0ART8pm3LQQkmdyC7:jkng7jE3xr6D6MiX0qokNY

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8604a872a84efe5f6b1fb8952d093832b195f674e2d7c563afdcf13d01866dca

Files

8604a872a84efe5f6b1fb8952d093832b195f674e2d7c563afdcf13d01866dca
.exe windows:5 windows x86

a6e261051f9b4938b7b6ad42c66ab1a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SystemTimeToFileTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

StrStrA

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
_dllMain_Name@12
_mainB_@8
_mainW@16
_main_@4
main
main1
main5
mainB

Sections

.MPRESS1
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6e261051f9b4938b7b6ad42c66ab1a8

Headers

File Characteristics

Imports

kernel32

shlwapi

user32

gdi32

advapi32

shell32

version

setupapi

Exports

Exports

Sections

.MPRESS1 Size: - Virtual size: 1.4MB

.MPRESS2 Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 1.1MB

.vmp1 Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 512B - Virtual size: 160B

.rsrc Size: 17KB - Virtual size: 16KB

.MPRESS1
Size: - Virtual size: 1.4MB

.MPRESS2
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 1.1MB

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 512B - Virtual size: 160B

.rsrc
Size: 17KB - Virtual size: 16KB