46b9ee358978e07a660a06d21bb73badbb4f80d233d25adf2ec46e34ac29dfdc

Sharing

Copy URL

Twitter E-mail

General

Target

46b9ee358978e07a660a06d21bb73badbb4f80d233d25adf2ec46e34ac29dfdc
Size

9.3MB
MD5

11af0b0156bb8e8fbfc3a0f99dfaa416
SHA1

aa9ea25affae531845fe7487e2aea17394f2ba72
SHA256

46b9ee358978e07a660a06d21bb73badbb4f80d233d25adf2ec46e34ac29dfdc
SHA512

02f220d44ce04c7f33f3c0f4f4829ac5eb6018e57110b2e3add48fa4e5171b792ed56d17093b6059dd35c1474bcbccd188a93730a8a9743d2ddf64c022a43c2a
SSDEEP

196608:kLCW7JkunKH+BbNxWTx7ufxrrS5hls1uETA0TsBz:kn7+unGMbNxtrrOls3MV

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46b9ee358978e07a660a06d21bb73badbb4f80d233d25adf2ec46e34ac29dfdc

Files

46b9ee358978e07a660a06d21bb73badbb4f80d233d25adf2ec46e34ac29dfdc
.exe windows:5 windows x86

47dbf4d5da8f55261c8de9b66f31c326

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

winmm

midiStreamRestart

ws2_32

WSACleanup

kernel32

GetVersion
GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDlgItem
CharUpperBuffW

gdi32

GetViewportExtEx

winspool.drv

OpenPrinterA

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

OleRun

oleaut32

SafeArrayAccessData

comctl32

ord17

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Exports

Exports

$C�¥�޲��D��}V �_��`D�̰�n7��]5v̗Ϣ5��=�Y��$��~�Iq�an_��S��pW&$@f��X��1xΟ��(��6�w!u��$��Uj򾰑a�H�9ȩ�&�� Q�w��(C��IKM��f�V��Lg`�E/#yDcQl4�wߒ�g%:��~��?s��O�m��g/��6��<2HW9��n��.�o�2��!��Dq��z}��썡�+Ba�o��Y�2B9A9)p/�7J��!�9�Y�3�r�v�3��k�gY��H�%A:�L�8�8�(��s�`��מ2�A@�IA��h��_[C��X��y ��vϯ�� ^��~.3��'��Ћ�ܯ�?�)��\(��?��~',��T�h��wy�G�{�oJ�W�Q/��c祔mVM��_�M��i�m3Fr^/�J�-�z��)��F�婭��*ű��(d�y4#m��^-h�6�c�:t��b��͗Cx�㙨�.��Ԏ�{�j��a�L��,�Y_�7�we��7E��p6:��@ї��g�;W-�u4�`]��A�I�Α`��^ݤ��a��I��ޚ�?$\7u�m�� k�e �.� �CX�� W�i� ��sS"��:��H��y�Fuޝ��0��q�'*/�'� ��ti��`䞡��=x�x�h��d�0~;�<��?��\K�gG#S��ӵ{*@��} �{x�j�îL͞2�st��8��G�M�(�@�Mz��_Ąq��_�i^�%&�W)jJ��+q��C�E�v��0��)ZFc|�t��0;�b��pf\ ��h��v�+u�] �%�2��N^��a��w;�rw�*_Ы)t8g��<%B|y�kɴ��];4Cc-R��fe,q�n�}8D08}� BR彩GH�A��1��]�7��6ܰO��J6�}�{f"CΦpWb�[�f�I1��1�A=r��+޴Yݓ��_Y\��؎�H� ØO��e`�3 s��K+.��W EEd"XWo¯O��q�|B��<p��ǧ��-��'�Yn�vc��:l�i_�� Q ��? FRoZ�q�9Ilo/�ge�4�Nc(*R.=��&r�Z��.��c||��љ��d��a4��T��]�D�b\��FJ�^��.|U�h@��'�Ȅ��9��֍��A=V�78@�s�S�S��Wh��!Rۗ�bQ�˒ft�E��5��Z�z\��Y�q;�e�)��A�|�t�xeh��(hMΛU��z��We��*0=��j�X��+�|? ��S�m64�S�d��tPE>9��W��u��}H��(tݻ�8��F�dB��ȕ�:�v�D��KZ=�6�3�k�-��D�S�'��p��6��N �0��&�3�B!rf0 <h�'��[uIa�f�v�/��׆.��U)S:#��s��-upk�͞��3D�9��o!��Htt�LHo8"Tm`�H�K�Q��7�)q��(M�7i��NGܻ��J��K��ݏ*.��:�D/��)?�Q�%~>��8,ݦց �5l�F��dw�N%��aq�ﰲk�� wfzßNn�u->'��L} �zF�v�Et��RN�vn@��z��]Z;�?w��ܩ&�6A��z�Xs^��L�2�� ]T��'��W�J8�G��Y�)��L��U��Qe"'�a��E'��wlG*�o��F��J:�|��vI~��:� �^��K&y�� }�O`�yIU�]�p2'��V<�)��pTG��;�+9�V��Fц8�!��j�'��|J/f\��p�褝�05�>N��TQ��S3Y��_�㼼I0��x�SF��Xe_)��8:`F�Ѱ�9��!2�e��6fm^�й�z�Uw�{͘v�K�c�-B�4��%��")0 �q c]C�%��7�M��>j��=�� ޾��ǂjj ��{&џ�Oq��:*k33��8l��+��K�j�� U>/�<�t��d��?�j�W��&�pO�M;̴�-��]X�9p�G5j�� I'x��7 5r��崢�<�ʴ&sU� �� !��o��cc߶.��w�dH�y:y�iH^;[��qF`?Ƶ��Zw�h��U�W�e��d��lc��N}0��3�ӎD��m��V��kZ:u��>�q79GR+ĝ'�<�M��j� �6/sE�R��^@��rX�(�XԢ��+��X2�2��p�E��:�r��u�.�a4�O$��qQY�,�(�S��i�C��V�F�W9�3�9��R�� N�d+��,�+Z��l�w�Ra��%�2��=�<n.!\��-��ތ��!��~��+��B��^� ��&k�� R��Zzփ��Y�f;�6>�\=\%c(�W��I6 ��> Y�[�˅\��$��9�O<�Z��2�KI�r,�p��Ⱥ�p!`�Gz��L��+�F&)^�uq��W�=V�#:��^�aY�3�*� �w~��u�� 8��;�O�M�) 52�áD1�gnG��dlf� ;MsGa�@��6mĳޜv�=�eQ��Z�UHc4�8ϯ��8GG��feg�ut˂=��Q��ޟ<Tc�i�D/��9`�H��];�9��3f��R�"�s�WqF]��<��fmP�q�~¶��4��n&u��#�k�,I��:�? ��)l5�Y%by�!fB��t.s��~~�7-�q�l��&�� }�{�Gv�h�p?fX��b>�]c�v��.\�v^��>�a��H�e��9 ��`0]��{��ԛ�fR�7ܱ��G��/f��T=CRM} �tCΤӰ!+�9�P;½��O��mf@�J�YY��/�j�X�O��mR��tpw��=v��

Sections

.text
Size: - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47dbf4d5da8f55261c8de9b66f31c326

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 705KB

.rdata Size: - Virtual size: 1.9MB

.data Size: - Virtual size: 391KB

.vmp0 Size: - Virtual size: 5.7MB

.vmp1 Size: 4KB - Virtual size: 2KB

.vmp2 Size: 9.2MB - Virtual size: 9.2MB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: - Virtual size: 705KB

.rdata
Size: - Virtual size: 1.9MB

.data
Size: - Virtual size: 391KB

.vmp0
Size: - Virtual size: 5.7MB

.vmp1
Size: 4KB - Virtual size: 2KB

.vmp2
Size: 9.2MB - Virtual size: 9.2MB

.rsrc
Size: 20KB - Virtual size: 19KB