c1eb4e0dcfaee33d12fd85ab98fb64f49214f895ce7226f79a95539a1c7c29c7

Sharing

Copy URL Twitter E-mail

General

Target

c1eb4e0dcfaee33d12fd85ab98fb64f49214f895ce7226f79a95539a1c7c29c7
Size

12.4MB
MD5

73552216d9f3112a5ccd61603cc47fb5
SHA1

63a09c2f6768510b80cecdabb3432c559bc2da9b
SHA256

c1eb4e0dcfaee33d12fd85ab98fb64f49214f895ce7226f79a95539a1c7c29c7
SHA512

2f3eeedaf64626ebf462d0d6261859b20edfb20bfae6a691d9ae4273786e580a7213d0759263f773ae0968f8c198db3891fb336d6475043adcd3d32d624aaedf
SSDEEP

393216:dBfwYIOj4Cpipk6AuZNT8bnH6/XF+EZDB:zfwYIkiS6fLlt7ZDB

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1eb4e0dcfaee33d12fd85ab98fb64f49214f895ce7226f79a95539a1c7c29c7

Files

c1eb4e0dcfaee33d12fd85ab98fb64f49214f895ce7226f79a95539a1c7c29c7
.exe windows:5 windows x86 arch:x86

29d0b9d325f694270b8749f4134877fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOpen

ws2_32

ioctlsocket

kernel32

GetVersionExA
GetVersion
CreateFileA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

EmptyClipboard

gdi32

ExtTextOutA

winspool.drv

ClosePrinter

advapi32

RegQueryValueExA

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

SafeArrayAccessData

comctl32

ord17

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 977KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 15.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 12.4MB - Virtual size: 12.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29d0b9d325f694270b8749f4134877fb

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Sections

.text Size: - Virtual size: 977KB

.rdata Size: - Virtual size: 15.7MB

.data Size: - Virtual size: 354KB

.vmp0 Size: - Virtual size: 8.3MB

.vmp1 Size: 12.4MB - Virtual size: 12.4MB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: - Virtual size: 977KB

.rdata
Size: - Virtual size: 15.7MB

.data
Size: - Virtual size: 354KB

.vmp0
Size: - Virtual size: 8.3MB

.vmp1
Size: 12.4MB - Virtual size: 12.4MB

.rsrc
Size: 4KB - Virtual size: 3KB