57fb28dc9c5ef32f3a62d1c249583406d039a8397f5a42a536809f6780fd998b

Sharing

Copy URL Twitter E-mail

General

Target

57fb28dc9c5ef32f3a62d1c249583406d039a8397f5a42a536809f6780fd998b
Size

4.5MB
MD5

f42e9c793d1499c81983df437f19ce81
SHA1

24299d0a30ed0e6fde4b32f21aa3f6d20421a102
SHA256

57fb28dc9c5ef32f3a62d1c249583406d039a8397f5a42a536809f6780fd998b
SHA512

45b4d1854b02505d06fae10c14e82f931f975803c23b57bb27506fff7536957854fdc486eadb473c8d000402971b6512626c63ac22635ad148a7bc23b9c3fe85
SSDEEP

98304:F6Z0Ush0Jy+AFswMpVblszkUadGFzZyJ8M1vpZUlPcwk9RHsJFX:F6qv40sZnyz8GF49JFB9NsJ1

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57fb28dc9c5ef32f3a62d1c249583406d039a8397f5a42a536809f6780fd998b

Files

57fb28dc9c5ef32f3a62d1c249583406d039a8397f5a42a536809f6780fd998b
.exe windows:6 windows x86 arch:x86

acc661f345dcf10a6e3f4b460e069036

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadStringW

gdi32

SetDIBColorTable

shell32

ShellExecuteW

ole32

CLSIDFromProgID

oleaut32

LoadTypeLi

comctl32

ImageList_Destroy

gdiplus

GdipGetImageGraphicsContext

ws2_32

WSACleanup

vcruntime140

__std_exception_copy

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-runtime-l1-1-0

_crt_atexit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-stdio-l1-1-0

ferror

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

a�Q6�?�w_ %��X H�.�y=Cة)��t��Z��q�Y��$4^�C^�x۰%�[��\_�� !S5�s�Ix��Bf4�8h:CW"��p|_w�nƮ.��; �-$+�6��W��2ׁ�x��)�m_��_$d��pR|��9[�6ӟ��D�� ł]��h9��x.�_uSӺ�v��ZU83��0z̑t��k� h&�\u��U�&��p��/��[��M>��f�΁��zۑ�$��d�쫵L��R9T�,��+��s��6��v+�S&�-��F��G�Q�~j| �S��;J��M��k<b+ޙS��QА�n��<,3WE�D�<%1��'��b�{��9(/��^p�)q��N%��v�s�E��A��^��.��2�)�4c�Sti��!�b��f�� b��{��@��x ��gȑhk�|��9�� t��*;WB��8�x��K��Ii�l�ߨ�H�O�$DâN�u��LI�:5�� "�de�n[��L{ �Q��+ٍ� ��[� ��J��L��9��s��RƮ�pǞƵ�-�'4��*�k+~A�� 8NSZRuڞ�NP��ҞOB�Zqv��^��$��Lv��*hC��?��d@;J��}�|�/��l�*ۦ:�P1�=��.\�68��M�'T}��`#��tY��6/�X�7ޭx8��t�x��uCA��T�g�F� ��m� ��_ � ��A��<��q͖��M2Q�Hr��n<;�_P�T�-�>��J�� %*l�}�%(��ɘ=X�� FB��3��Gmr��_�n��N�� %��ia� h��S��Roɪ��C�~�oKtz��kU�GGA� � |��>�0a? ��-+�W��<N�Q|��b��uǫ��1綧qI�.�W�nx��B��h=�%f�R��$a�<YGk_%��2�/DWEZ�L�hâ��<�(�na1X��4�"��j�C��}�l��RV��&n^py��N�nj ��N6g{ Ц�� 'C��p4zc��P�B�R��=�mL�¡��d��d?Q��{YpghC2��Q(�U�A��)(��|��VO:��"�R�c��ۧ=ά0I~�v��'�Uۀ��Ӄn�X}��P�d��_��78�px#J~��h��+�sk�EpJ��{>�?��{��c<rt��j�,H ��ӨA�N��|EO_ϔh��-��ucM!F��k��<.=�k��V��\5��q%@�ő�}ak��S~�-��-P3Q4¨g��+]�f�{�R��= ŏ)�_f��m�wq�X�H~X+s!�I��πʅ��{=t�K٘�uX��e+� �~b'�!D�*H�D�T�x2%* �L]Jb�q�� !.��{��3W��b��8r�'zX/x�a?O ��b%})�w��-�F8��;C��<��P�&��G��#a��כ�oy��Yn�? دZ+@��X$P4�9n Ϊ`@��I�;��>��YJ��"2j�$�%G��ox�^| �T�Xg[�K��W��ނ�d��K��Қ�G��+�Q>��Y}S�f�ـ��ʨ�'<qs6ء!�FI_CM��`��?��]�%Gͤ��D_�mj$��I��;��J��R'r��L��>��$�(��Ph1�TW�ً?�a�J�6��V?؄��3�y�|��}��Q`)e��%�QC�~��g�qbl��@P�U�� a�A�eś�B��}1��f��l0X<(ݵ�.�\��tZb=�rB>�?@� �Q�l�U�W��X�f=w�6�� T��<�ڱus3�*uX�W"��;34`6xl�x�ø��{r�N�wX�!{��D��bDn@�'{ �t�0��齬]��-,� D�n�ex��D��j��p*�J��Xg��q�&A�-i�m.T�� J�Ucg�d0q��\��E�*��Vձ�TL.Jj�f ר�Vך��pv!�i!��H�>��~��_�bhW�uu��L��r��N��sAEcYI��)�^�� ^U��zo�; /�wȣ��[�z��)��sx�f�Hv��jz��C��z��?k֠!r��r��DA��n� Yo�:��I`;yy(� } G�}%?)��d\t'�[ʔ�$jKYbO�& i� ��V��X��V��9��#��^�p�eu?,zP��l%�0�JA��"Y�#9]G&�ϗi��(UȨ�0ז�e��+U�"��L|%��P�'w��SH�i��4��-u-��U>k�_c=�uT��8��!��A��[�4�0��*�Bw�x�� >�k�yר�oŨ(�mg��3ٹ�]k��ŋ��D5ɴ�+q:ĸ��8�n�R��~��w��'HT�>]H�p�9[�3�zI��œ��{-��wYŹ��[��^��Wݲ��2�� 8]�<�ތ�#ޢ-HP�XB8~ȋ��u��Z�ӕ�}YP�O��D��d��4F�Ψ;M��>��c��"��|��ҕ��kɗ��a�]�D}�@?`%�g�Z�� *�bG��5�f��E*:x~��M�ˇ��T�;�E��\ԍ��;�`��w�{�Mr��g=��X_c�&�6'E�@��ϧ��z�]��^چx�#�Ng&��[+��= {�0H��\�5�� I��l[��4��9{u�f��<+�IS}��/��c:h%C��L�D�V�<��h1�|��[�IH��\ט��7�DZJp��Ҳk�Q��3��ƞcN��&=t��5o��_Jg�$A��AĖcvzH��鋙#F;�/`��ʿ�e~�쾉�5��+v�AA��H��

Sections

.text
Size: - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acc661f345dcf10a6e3f4b460e069036

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

comctl32

gdiplus

ws2_32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 135KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: - Virtual size: 3KB

.vmp0 Size: - Virtual size: 4.0MB

.vmp1 Size: 4.4MB - Virtual size: 4.4MB

.reloc Size: 512B - Virtual size: 272B

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: - Virtual size: 135KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 4.0MB

.vmp1
Size: 4.4MB - Virtual size: 4.4MB

.reloc
Size: 512B - Virtual size: 272B

.rsrc
Size: 12KB - Virtual size: 11KB