42fb6a26de98bd29fbaee1d5eb86efd0a70fec824ec1f3aa034b5f34468ffdc6

Sharing

Copy URL

Twitter E-mail

General

Target

42fb6a26de98bd29fbaee1d5eb86efd0a70fec824ec1f3aa034b5f34468ffdc6
Size

3.9MB
MD5

54bddbe096b83e4cf9aca769de0a9812
SHA1

3d5168a8294499f26dc7911e109c62f5c1f514b4
SHA256

42fb6a26de98bd29fbaee1d5eb86efd0a70fec824ec1f3aa034b5f34468ffdc6
SHA512

294af9670ff9fabe4050de197ff83551de1423eddccf72b52057e04ebab71b26243d2a3379a05c4215cc13265c7e011c6af4a8d197005ffa3505867ab8b21cbe
SSDEEP

98304:oBaMVJ9JmXQ67JmSynQhNrj76fz4muuvFNcrkEB5gX6LKhVG2:ovJfmXQYoQhNf7O4mJncoEgEOVG2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42fb6a26de98bd29fbaee1d5eb86efd0a70fec824ec1f3aa034b5f34468ffdc6

Files

42fb6a26de98bd29fbaee1d5eb86efd0a70fec824ec1f3aa034b5f34468ffdc6
.exe windows:5 windows x86 arch:x86

85d68445efda7108faa6ad53161e7371

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ws2_32

WSAStartup

user32

MessageBoxW

ole32

CoCreateInstance

wininet

HttpOpenRequestA

shell32

CommandLineToArgvW

gdi32

SetViewportOrgEx

gdiplus

GdipTranslateMatrix

atl

ord42

comctl32

InitCommonControlsEx

shlwapi

wvnsprintfW

crypt32

CryptStringToBinaryW

msimg32

AlphaBlend

oleaut32

SafeArrayAccessData

Exports

Exports

�?�LZͪ�Y}\tڨ�U1��x>�/��M��%�癇8�_�=xQEO�Ё�D]Z=a�ׅ��5o?z��)p� ��PC��k7��" &6��￴@��2�$��=}��|��{x�86�5F��Ά�T��ٷ�C�MK}9��y3�Q��<��^��;�b��"��܌�'��>�F��w��w�[,�gڀ%�v՘�;Z�&E;b�Ci9'�N(�V1�<��F��gD�/��Cr ��,�� 7ы�ƗҜ��,jNA��Y�O�h�'�g�=Ӽ�%26�w65��3�� KO�S i��-w"5�1x��]Y��~��m�*� ��1�q��T5x{/�<G2��}��){��󝌏��&G�y��ж1x�-̈́�|o eX�_K�?�Q \Pֺ� vH2�FL��_R�Z��*0�L��q��2��Y�7�!P�{��tꖩڸFV�J�V;�)�Uh�i��h�d�I��'��#��5# ��KT��<��1F��!�3Cua̒}p�,�,z��#Cn�1��2؁�`Ui��R�INmf�O�Bp~\��XI�=.�~)O�_�)��Fw�@}�n�M�Z�w��ε��z��G�HMF�Q�l�k��kW��|�(��B�Im3�g��:�F�f�Ǯ8��9��?Lt`c/S��]��u��_p?�B�[��:E��E��g�᛾�P��]�DOwdi<�@��`�.��(?p:u��U�0��{��|�YO��:8�R�=]�_�D&��&��g�^o[��U��D��^;�ŵZp��7� �t{w�,jAe�C��2�D{��ٟ��쾬\�E�ૐ)�9J��-L~Y��Sf��^vSK3@"B��:�w}%��/��Ą��v*27$�#�>)�`ܝB<��FW��8g#�DP)��8ZP?E��͕sͣ�I+�y^�ҿF�P��㦨��,��hgU+�x{��V��)n��ʽE��2��|q&G�?��\%��%�i��q��2Nфj�t�y�e�S�r4��Pw��<�BI�5n#�2�{��/ѐ��ʝc��ϫ��§��wł/��#R��-¶C��9��I��S�:D��p��t��1Ez�'��i!�f��%�� g|�� M�gƚ�~̜O=�fE��z��R��]�~B�3��UO�ָ5�7[��iK�x�{m�,��ǩ��2?�L��җ��pe<��;��][?6:�p��85ݾ�`$�*B��0}��Qvb��"��٦��4�x��vD�feH`i�&��jVL�N��/�z��?Y�>��m<�[�q��\9�%��=*a�%�;��捉��XY�W�-�{(A��He��._1P�JX�{�۳�T�}�X�_��t��l~��M_��O��XEt�]:ln��l�A�E)}��(nI��E8�>,o��͗C�8��?\��a��C?�]:��ML��{��Sy��F ^�<@)oc�_�m�ic��g��/��gf?�i��)��₇��T�ݐ�$Y25\�|M��,��|1��Wk�u��p��b�1��倾Zۈ��7hbJ#��[��|��ƲO��UF9Ry�� <�/�r̻n�Zn��i�>��^ �_�0��n<��.�uM��cu�i�@5�_+9��{ۻ<ܴҟ��!ík�m!��tn ��v��L�M��I,ј��:��)��ś��L�Q�f^�� C�[�ܭdnͼ��ڋ D�-g[[˸��s�6��Sa�'�Pa7�鰘'�I�]��D�v��" /�۝�Nb$�2W50 ��0S��x�P��<[^\��F녞��wCj��n��^��2h!��O/��~�><��uW��ŉ��j��;�Ti]I�� &��p��6=�� D�+��T�uF��NceQ�+��5��Y�k��$�l��@`��m��d( $�$�4]�H� ��K�n`�� i�-qJ��vL��I��D1��.p�U$�t�j�r*��Z��/��Ȼ��!��td&��_se_�ߘrI��ح]�q��}�f,�:�SH΂_?Gp��8�%��WB��5T��=��v��8�ȿx��Q�<��xh��ƯJ�\^v݁��^��A�;T<Y��!'zT]��uEH�S��m�)LuZ�)��zki�4��XNٖ�~�h�CV�a�[�om�ٹV��"Nd|zC�#!��a�2��*��W��+��!��9^�@��f�I(.�garK�Şh:�dWC��rI�i��c�_e83��$�c%S�6�菦��~&��!de#ǚ��DBTm��yl�O�� J-]U�+�JX�I2 Rwzy0��9\| 4~(��ʅS3|�d�G9Τ��`��:��¥mmY�n@y�\��]�텻�O*�,��xK��\�eU+)��=��J�A*,�AF�\��=��1�R��(.M4|}��b��\;��=�?~~�.%��m9�O��n��_�$_��/!��/�H"��Q��I:D)�v� ��hA!��Wr�i�%޽S>��0=}1��V>��Uc�?��u�CMz.K��XeZn4W2[��u�K�󓽽7K�qjZ�ǩ?�u ��\��k�1W��7�ϒ��R�E��mMG��dlvw��o�E2�&/�A��F� �'Z7*��t9�q��Y�<k��oCL�D*(�IA��ֻjޣ^��?3�H��OŦM-Uʮ#�X򎐗�Y+S9��c�J5��k+�egAk:2��԰K'��V- ��JVR@y|b:M�]g&ѿ�Q��ڤ��]

Sections

.text
Size: - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

85d68445efda7108faa6ad53161e7371

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

ole32

wininet

shell32

gdi32

gdiplus

atl

comctl32

shlwapi

crypt32

msimg32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 456KB

.rdata Size: - Virtual size: 17KB

.data Size: - Virtual size: 123KB

.vmp0 Size: - Virtual size: 3.3MB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 3.7MB - Virtual size: 3.7MB

.rsrc Size: 140KB - Virtual size: 139KB

.text
Size: - Virtual size: 456KB

.rdata
Size: - Virtual size: 17KB

.data
Size: - Virtual size: 123KB

.vmp0
Size: - Virtual size: 3.3MB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 140KB - Virtual size: 139KB