06863201a57ae0b67c8c52e6a6d590c2

Sharing

Copy URL

Twitter E-mail

General

Target

06863201a57ae0b67c8c52e6a6d590c2
Size

288KB
MD5

06863201a57ae0b67c8c52e6a6d590c2
SHA1

15cd86fb4f43fe98d1aed0a31b7ac89faa938d23
SHA256

18a752643d9c3ce51d860ad8e104987453ee50943462702240573b5d296e56d9
SHA512

4ac63e46fd4b69d6e2fb995373d693f65552f3f45204503957e477312a366c45b344a3716e383ef19c7f71e58b3b465ca90ebf862fc184a329fcc9de5106e13d
SSDEEP

3072:9lqAqY2hrZIYEPuamp79R5v/H0qwRpqxYICb1i8bExrhhIAIVruL5QMX4aaUKuY6:9l2Y2vIYE0/H0p2ublExxRaUI5QzKFD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06863201a57ae0b67c8c52e6a6d590c2

Files

06863201a57ae0b67c8c52e6a6d590c2
.exe windows:4 windows x86 arch:x86

0d02503905cad780658fc358d131311d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

DrawIcon
MessageBoxA

mfc42

ord1949

msvcrt

tolower

comctl32

InitCommonControlsEx

msvcp60

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

Exports

Exports

��[d��>�� 7SW��[�1M�S�,��_��[%�7��/ʣY�D��.��q懃��Wq�\nE��JD� ��E��5k `�j��3�8��|_g.�7@�5��!h��-Qh��rϙ�7��|r��.EC�irVZo�aT��O%��:8x �Ŝa��:CrC��٤¥kyd��4�v�Df�3I/�'ZX+�զ��u��{ތH�� BI)��t��|��k�"1mΚ$��_g.1B�'��T��0�0��밝Hn��}�Q ��ׯJ{3��~h�W�(Ӡ�vʰAEu�:?�Շ��Y��g6x4_��p��z�f� ��^�;�{̤�� 1��C��P��5]�ձ{�5� �)"��J��_��^Ʒ��*�i��i�'J�Pa{\-�|3�'��]��v��Q��ld.;��+f2��=P��5��O&G�Oy{��fC#I�Q��5Lp��*�w��T��nz��*�-� Q�E�=�/�Q(+��v�)��y�b"� �JC��d��t2R��#�"CT��}Yk:n��6a �l��g��ߏ��~U2%Z5a2C�� R,��ȹѻ�0�#�1��R;��!�anB؈C��Fn�IQ#\��<��b�89s!?� 2�6�.��&Ϛ��P+t��T�[UX��sF��kcs�ᒮ[��o�V��Q��8@��+-զfT��淆��Z��ޙ�x��άh��;3M�(8ʂ�~'�z�$��b�}�-vb ��m�" �Ź��^=��]�FE��;��r~D�� !W�-��ij�~��G��_��g�Z3o�g�_��v��w�OL�r�V��TBL��=��[��se�8�M�x�[T��i��<E��h��/�L,�^��*бF��P;YU��|�J�-�V�Wp{O�r�/�ZyN��}U��G��%�h��8!�̡=�(wJU��حhg��r{h�ʡ^��~��}� >�2(��˼�kgT�#0�G�]!'��K�n�ݦ�n;�{^�;��"�m��䴛&�q^&�$g�ѿ�û�Zo��=�Bc밮L��\�h��`CO��rf��t�؈�wn�T��n��6��2�4)F�]��p􎝒n7v��'��K�?T��*�t��,]>C�j��t��n�1��T��Q�s�i��gL�_p��پ�]a�)=#�w�P��,�U'��'�*��3�v�h�f�@髩�+�τ�l>Ҹ9��7��9��8* ��>u ��L�'fʹ�P53�9�@�pS��Ϯ�~��1�^��qC:EO�ܒ"R�#2L�ӈ�s&:��Jy�� j��tLTA5t��)&i�p��!�Q��n�cTHǵ�اXo��I��Ù��Ӵ~�p� �dK})@��U ek��C r#��F�C�z��b��eO�u�C6OHS�o ��F1�I��.O�!3�� A��Sg�Z�k��(7��?��0(�@s*@4,Y+�b�7>.��H��V�ܵ�At��I6�X�-��A��L!)4XEPp�D��O��8X�pv<ߪܶ��p�#�L[9X��+>O��2��~��s�$� ��G��|�ռpg�k&pL�/�ӌ~w��Z=-8�?"6~,Â��-��,_�0�b��MQA5��r��HH�% �S�G`v1Ȑ��n��rfj��% �'o��.��J�G��&�q�c��vcO�1{��W�eQL<cחQ5�6]�C6ic�b�0�G,\�ݦ��t�^k� ��抗;�s�N�n�,��j�uI,��*9��d��޹ �k��'��fP[�=�M *t�Yb��J�Bo�(�Ӽ#yࢎu�VV��S�5t�`-�-�].�5*J9��`1Yi��uI�c޿s��ÕY�ˍ��J�@�ΥE��80F6��̭9z0㙇K̎3 �~��g�b�(�!��o��ay��&Eý�� s�X\Ƞ�X6��Qr��?�Y��ԶA_˩�O�[�?ct�y�Ԏ�O�&�㧕x�9� �O�̭7�� 9t�Y�Z�>��n��6l��Ā#��"m��4��ĺQEv�.�E)N��Qn� �e�~jY��z��&�V�Ѳ�]�X7$�@N��6�)x�6��$p�-�Jҝ��3�K?�jV,h��kJ�_�I��Z��+�H>i�/��R��5վ��J�'��-4?sDi�w�#�-� j��6�~��~��ʃ�]R��Yz4 ze�Х�u��(�N��0��=�h�:(��aw]�@W̓��E��mc��i�݋y�1�� 2�1��τ� Pm��j�j��B�REwR��X@P�,Z�C=�y�?E��b��@$(�`7 w��Zw��`�gDO��j�t��F��@��5� �Wf�ԁ�4�|m��LW��@}�O�/��uqDsYW":��,C�6�J5v�C��k!'妖�� }��mt�� S�U�_bо�OgR�뮬��Ђ��uJ�3��`� W��cI{�ߍ��Ge�6�ά��q��3��Z�əX"� �}��-?��d�y(�j�� o�u��l(�^��@m�U��0P�xu�b��!�y�~7�H��?b"pw�@d/��$P��je5l�k�7/:g!2v!ri8H�H��j�Ix��0�,��C��+��9�[>wH��!�_ ��\Wt��(�h�o\��?��+��~�B��ݟ!��Y��AZ�.*x��$a)��1l��XG�{B��S��Ι�/d�0u� �X�ES��_��k�2��>��酹��JT��a�E��~�nt��n��jz��<��W��w(� C�Z>�Q�n��=�� D6p6F��|$Μ��' ��ė��K-��NGj�muG��wJ�ܿ��U1

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc0
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc0
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d02503905cad780658fc358d131311d

Headers

File Characteristics

Imports

kernel32

user32

mfc42

msvcrt

comctl32

msvcp60

Exports

Exports

Sections

.text Size: - Virtual size: 11KB

.rdata Size: - Virtual size: 4KB

.data Size: - Virtual size: 960B

.rsrc0 Size: 8KB - Virtual size: 14KB

.vmp0 Size: - Virtual size: 36KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 96KB - Virtual size: 94KB

.reloc Size: 4KB - Virtual size: 168B

.rsrc0 Size: 148KB - Virtual size: 146KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: - Virtual size: 11KB

.rdata
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 960B

.rsrc0
Size: 8KB - Virtual size: 14KB

.vmp0
Size: - Virtual size: 36KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 96KB - Virtual size: 94KB

.reloc
Size: 4KB - Virtual size: 168B

.rsrc0
Size: 148KB - Virtual size: 146KB

.rsrc
Size: 24KB - Virtual size: 24KB