0248e4faf14a98c293fc7d1637f601699282716669a13ffabdc2594e6ff31c53

Sharing

Copy URL Twitter E-mail

General

Target

0248e4faf14a98c293fc7d1637f601699282716669a13ffabdc2594e6ff31c53
Size

604KB
MD5

9f4008cc598faba83b246c6341ddd307
SHA1

8d78402985ae536beb3ec007da60e657b7967405
SHA256

0248e4faf14a98c293fc7d1637f601699282716669a13ffabdc2594e6ff31c53
SHA512

be567dad5e0b33a5ee97fda09cb3842fd48b3e3d9be8f3dfc3b76b8d8b9eef4a8b8afdcea0e9f4de4d82f3889aeb2d9d634f64fc437e05ca1b9985b3ee559ce3
SSDEEP

12288:Abg7da1akXKa03q/QNvNHm/qHG51xUlbpUqNN2QV+msvWU:Ak7dlE0oevxwqm5XgbpUqb2QV+n

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0248e4faf14a98c293fc7d1637f601699282716669a13ffabdc2594e6ff31c53

Files

0248e4faf14a98c293fc7d1637f601699282716669a13ffabdc2594e6ff31c53
.exe windows:4 windows x86 arch:x86

dddac1552f8e9d5116f84cb99b7eb072

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord695
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord626
__vbaResume
__vbaStrCat
ord552
__vbaInStrVarB
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaRecDestruct
__vbaStrDate
__vbaLenBstrB
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryVar
__vbaVarTstLe
Zombie_GetTypeInfo
__vbaAryDestruct
ord591
EVENT_SINK2_Release
__vbaExitProc
ord593
ord594
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
__vbaVarTstLt
__vbaVargVar
_CIsin
ord709
__vbaErase
ord632
ord525
__vbaVarZero
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord528
__vbaStrCmp
__vbaGet3
ord529
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner3
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord563
__vbaVarLateMemSt
ord670
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
ord710
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaGetOwner3
__vbaVarCat
ord535
__vbaDateVar
__vbaI2Var
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord648
ord570
__vbaVarLateMemCallLdRf
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaAryVarVarg
__vbaVarCopy
__vbaVarTstGe
ord616
__vbaFpI4
__vbaVarLateMemCallLd
__vbaUnkVar
ord617
__vbaRecDestructAnsi
__vbaVarSetObjAddref
_CIatan
ord618
__vbaStrMove
__vbaAryCopy
__vbaCastObj
__vbaStrVarCopy
ord619
__vbaR8IntI4
__vbaForEachVar
ord650
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj

Exports

Exports

��,<��N燊+�ϸ�5��f�_jyZvӢ/)� ;h��ò��:�+��>?��W� �&|��/��5�y#,<��D�H�mq��V�ǝ��`V��TH��g��I>¦K :�j��nL�3&�R!�~�M��\[6�Ĳ)i��V��R��M(B^7�:�lez�_�d��GC=v1��x>��_�V�:��מP�� S�Y��e��+9�=�!g�֧�LURzjQ*�F��K6�;��a��}��7^l�3�F].��Gאob��^�F�9�ԇ�_�L��t��^`�Z�\�UX��S�=cE{~O?��j݉��th��~��ƽPO|&>{oJ;Ʌ�F��[�ϸ�=ޙJҵ;��| -�6U��;1�pY�:��E��| ��4�t[I+7��Z1#B�h��,��X��2��'�<>��%��n5�~r��ī��z�J�_v��ۛ@#?��3'��Ԕ��RՓ�0\hN�m�D=ҝ>%JO��P��^��d��<�5�)��)��`2<��2F�R��?��0p��π��3��k#Z�BV��-�"#Y��W a�Ѹ��8OT��o-63�0�_ԊSOi}@��Ղq��Qh��5Sـ��-_�� I��Ijp�9��>�%��9�"��"^!��`b�|C:��0�&x�r��Pzv��r��2&�Yyp��U�um��#H]��pn��v��*��wq|��P/�- GQMm��&�@~^�A��QU��n,�:�N��9��󇔺�"��PUE��}��7��1T�6��Ⱦ�EkMO�X��=��o��Q�}_�v�gy�.u��ᷪ�$��gsW�b$�2�c^4��JF4l�K��Tը�zN�\^�ۋ�BN��tF<6,��c�D�C6k�tjJib��!�D#y�%d�;�$��Xf5DU(?�cI.5�=��/�S��cGMB��qx��?Q��l\��HW-T��9.f�ͅ�F�>��4I,�JOWs��d��t'�]��-��Sd�aod��_�J��H�+��M;T=yJ�z��ԡ��@��ZBS�1��8�� z��[�PW�b�-V�]m4��\��zϻ��9PI i��rޤ��ҟ��SIn�4]1f�'�R�N9�l;;��l��E��;J�Zs' �o 3(ɼ��ۿ��AT�g�4��Z �F�Gh`qa��7@0F�'��@�j8�i��e�N��%�X�|�%��K폐?Մc�y&��-%y9��C��U��5Z,Z1ސy 9��%��.7�l�FO��P�𯽷r:��)��v�Cb5�^�%�kq�#}(��X�=��fy�+LK!�j�隉�t>�w�Ӝg��+�~&�ɀ��%��l�Sɱ�N~��܏��#� W�ܐ�1��v�;��ﲖ2~�k�V��CڮD��Ib�p,��xys�CO�Umr��=t�VC�5~Y��n�� K��nʴ��d F�:��<��6�0�s2p^�P��:l��ur�� 餩�HŅ�4Lƥ?{��B�[�˔e�d�b:D��+>��K˿�tW�:5B�䗋��|O_�_m��n=�Ҋ�aT)ø��+,3m��c�Mg5e��F�Tj2�*�W�=fc��Q]�� Q4͡@�,k�v�6��A^�Ҩ�{e>ܴO�n�NA�b��Q�~��e",��ш?�|z��%~�/na�� [��l�ns�BA�ٴ�.��z�G'�� Y�� {ô��*�o��垑*o1L��O0}��˥�kR*(~�� w�?Q~�BI�tK��D��) �~��.��-�c"f߈��Xs?W��b>Jvs��3ŉ��(*}� u�?�D��zB��v2�!�i��k� {u�� ː�R.��F�a�Y*�p .f*��[��U8�&y�p�v��a��'�BM�0U`sH�{ɲI�́m�ET��'��ĺ��y��'�s �=�Oi睴5�"�H^��OkT�#�<��?�˞��H�q�=�B(��:Fo��l��'"��ZP��c��;#k�b,�\6Q��|J��S�+�2s��8~`�qW��H%h��kޘG�(�-��7%d��pG��D ��U� 6��Вh��o��ݬm �tju�i8*��O/D�r�~��)�x�h�ݟú ��w�Qw��$5��ƁL\�1�y�n�Z��ܤԴEQ;E t��X� ��]��[-D"jP��T�U��r�.J�2��x��t*'��EU��.[�גX@��vP�@dR?˫�71g��Y�Y��k�㘎<�7�L�t�v�0��5��wVrٱ�'D0��&WϔJ��m�e��z��:]s��i�ea��y�_��@�q˂e��]H��7�}�{T��P]�5��W��/l��{*�Or�L��FXy��b��jٽ��G0ϯ?��jA��@� �Q �n2�� H��Z�=A��F�Eh��i��i2��_&�K\Kو m��D~#�u�zj�<�\<��,2h�ɰ�7�6��F��v�i��2}�S�zq'��/�� H3.��yɠ��Uk��S�q�3D=--��3��P�R z�z��}jR�z��Q�hK��:��j#*��{�o<3w��d7��>�ӝ� �`��I�$��/�3��Ԯ�xm��>o��7wy��E��IfSWj�X8�pgݤ��1@��|��|�1�q��S-��/�c��ᬥ(��~�v��8��YyOR��OK�Xq�ue��n��W �rR�c�.�\9��o�O��P�̋=C��@

Sections

.text
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 592KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dddac1552f8e9d5116f84cb99b7eb072

Headers

File Characteristics

Imports

kernel32

msvbvm60

Exports

Exports

Sections

.text Size: - Virtual size: 101KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 2.1MB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 592KB - Virtual size: 588KB

.rsrc Size: 4KB - Virtual size: 2.1MB

.text
Size: - Virtual size: 101KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 2.1MB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 592KB - Virtual size: 588KB

.rsrc
Size: 4KB - Virtual size: 2.1MB