14c4885f8b7f803a83283905343b3ae0

Sharing

Copy URL Twitter E-mail

General

Target

14c4885f8b7f803a83283905343b3ae0
Size

1024KB
MD5

14c4885f8b7f803a83283905343b3ae0
SHA1

93eaef67d934c1e25beb0016286905be410c930f
SHA256

e6ac5433689e005429246435985229ffee4f98917a3a69e375cde6af2ce77cfb
SHA512

d8871ad0d89fefee01914d3a1f69d30a75f684b608db4d2d09c97c26332dbc88472013d136c0d8535eeae7f8ee47433a2371b9bc74d3c1c6d29c4ea54bdf83dc
SSDEEP

24576:UHS6iqO3vAxZhAzTawbGs4bgqNRSCGCd8RvrtfRo7XKU:Ub4vyZhAzTaW74b5S4dST6X

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14c4885f8b7f803a83283905343b3ae0

Files

14c4885f8b7f803a83283905343b3ae0
.exe windows:4 windows x86 arch:x86

3c4e6a5f6b49ecbd7aa11034ac5dbdf4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

GetMenuState

gdi32

SetBkColor

shell32

Shell_NotifyIconA

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootA

oledlg

ord8

oleacc

CreateStdAccessibleObject

winspool.drv

OpenPrinterA

comdlg32

GetFileTitleA

advapi32

RegQueryValueExA

ole32

StgCreateDocfileOnILockBytes

oleaut32

VariantChangeType

Exports

Exports

�6��i�g>�"�й%{Wi�7U�J%H�q:�Mi;�Lf��{�XI�AdV��v8Ҁ`i. �4�O��w��(eU8[�q[ �7q��[��.��OIn��sʇ�z�O�]��Yx��3�z��s��J��e.��h8��;��\$5�렎��ݏ��c8 ��0�}*ذ�,rtUBY��9f�ְ�"��_��E-4�uL��w�J$'[!�#}m��"΁�j8�;�)W�<~'�� #ޢH�%�,�ID��/��Nķ�7��nj2�)�R�x�J�0��e['�� .dC��b��3�q��:�=�f��G��9m�y&��H=Y��Y{�[B�7�9,uL�rR��m�,��/&�+!Ҟ�5i��8��3�+7��ł�&�cC�qm)T�=0��v�iA�TExa��$�ĕKX�'Ccu6 �:H)�?F��6�*!��N<o'�M�R�3�'a�3�O�M��${�yRz4�q]86E�fӲa�Ԁ�U#T�o�j8$�ML��!ql3�x��4e|��2��Ӱ��2gp��e�^w O`�� ŌDC߶�vdin�g�~��fF�~tRM.�϶�w͋��Qv��z�B 4p8�T�W��aB�/A��+��2+��ߛ-t�;�Q�*��F�:ۗ�� j��E�-c�ˎ�,XR>��V2�W�˜��p��W�Y�K:��p!�i��F��aT)�ט�}�� ⠏y�de:��/mj��ϗ�8�EZDDF�p��u�0�YDmap�I!}�|L�:Ҹ�Lx�ϧ�7 �`�U: ԥ�O@a�}գ3J %��D�&Ŧܽ�R ��J�B��1Q��f��+y?K��~�]tH�u`,�[�l�Q��\X�Q��h�&ɜ��`�� b��Y��P -Ss�U!��:3a۪�1j�IB�PxTb+�d�94��1V��թ�NTz��:�g�l��ӳ��5�.�B�)�='e-�=�n�v�<c�)��L�~��w#�e"��PuED[�P�lu`� ޮ��@�ٰ��?/b�C��-fj4F�(�p6z��ڞgPfR�3��i{��ݹ$��eA��уy�ɑ,��> �<��o Y�}8>�z��_�\i�ӽD�)j��.`Ђ��^��!;B��pl��̖�Al��=�Y%��T�� Z�+DX�}B|�M�!�b��j]�ɜ ��;�mm`��v��D�~��FJ�J�h:�r�,9y<:ͬ4�՛y$iS�|�R�oH��CS��w-��`6(�_��&5��5F8�|�eYB��M ��+�8N�f ��~,5��m�3�[F�^��F�v��3�P#!��vP�rL[�맢q��h�&z��k�a�@c�&��}�ﮪ o0b��&��iZ��>Y��D��{^JW@\�偫�P�v�%E��5�ÑӋ*��ŧH��E�Čg��[�XL��ﹼSf��,ynD1YؾM+Ɵ�2´�BF��o'��C2z�K��$36؂NV�r��j�q�.�`�@�� r�Grsx��~dE[b�"r�:|�Z��R��3�1��.�$�+�G*��Sb�86h�e��n��M��igP?$��z~!_�:�%j��4��y�y^b��4 |�$b��כ��4�#�%�4i��Gx�z��SUj��Ϝim��>RK��:-U��*VA`Û�[�z��Q�{S��E��'i/@��ە��EQ��>C�L��~��j�⡼��UFb� ��=�� &*��ے��=�� @U�$��-ռ��+��8{۞�+��t��"s"&6^H��J��Ix��ɳBb%/�!�PY��3��K�W��4ܿ��T��`ջ��%a��(�gs��dpER�l�j�R��9a�W� ᖇ�V�q]rG�T��!��|k똨�f�E�Q��l��v�3]v�n��8 � aԞE�~ىي��F5��:�nQ��[��t � [�4i��F�E~g�� s2ր!D� ��#( ^��э��I��烚AԆ�X��(�1(�rik��ˠ@%#ņ��5�[�z��+5��70��(��uޮz!�)W�=�J��;�BA�ŕ.;Q�t�=,��J��Mlq�@/��?��Lmr(��红q>#��`��Q�j�h��b�+3 O��:{��-:��i��L��X!�[ �K��H[`�z�ې4;�t��q2��)`��z�5��[�.��Hc*'*b<��p��Da�¼Ѻax�*p��RU��e��rd��pB��L��7��o�O�`��}lYD�"Ȟ ?��b{\��J�A�y �QZZ��d�Yt�,��<��{n@�� T�̼R.�x��l`7x��{�4�}�e ]Zd��C77�k��}��}�EI�7��9��x7z-�Q��z��@rqvD��>�`k0 U#P�\�'�~�HkI��ȼ0�$a��{rw3�n��4)iG:�Qd�R��Я��a��7÷ Y:� �g��K��ͱ�;v}Fe��7?�x>�C�O턨�,�.=��2, �T��2��%;�yw|S�ڸ�Y��$��t�E4�e~�hc�;S�W_$��ru�f>� [��-P��xŌ�_S�#q�5"]]�G�R�Y��r� &��M�y�rE�7�<��p@څ��kP�eE�CX�� Sh��z��{��S��._��SY"�s��9��;@v��.Whu��9[�1ǟ�̾i�q�w#��()8�`�P国Y��(�6�� `��B�߬J"�BeC�hH�P�j{͠�u��q�Md��U�X�J��B|FL� Ün�mFdy�ἱ�

Sections

.text
Size: - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 988KB - Virtual size: 984KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3c4e6a5f6b49ecbd7aa11034ac5dbdf4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

shlwapi

oledlg

oleacc

winspool.drv

comdlg32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 197KB

.rdata Size: - Virtual size: 51KB

.data Size: - Virtual size: 25KB

.rsrc Size: 28KB - Virtual size: 226KB

.vmp0 Size: - Virtual size: 619KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 988KB - Virtual size: 984KB

.text
Size: - Virtual size: 197KB

.rdata
Size: - Virtual size: 51KB

.data
Size: - Virtual size: 25KB

.rsrc
Size: 28KB - Virtual size: 226KB

.vmp0
Size: - Virtual size: 619KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 988KB - Virtual size: 984KB