1a2a560e957632f80f8ee2c9dda7d3a0

Sharing

Copy URL

Twitter E-mail

General

Target

1a2a560e957632f80f8ee2c9dda7d3a0
Size

5.1MB
MD5

1a2a560e957632f80f8ee2c9dda7d3a0
SHA1

9e478fa93cfc65a245c3931dbca47f5f985d74f1
SHA256

6c5d271ef639c261074a126ceec0218cbc578229411a273d92647a549d9f4429
SHA512

0e2232bc5f499509f43e1e755492356d98713d0b9cd68c128ca00ac8c15fb4407650ada50b7c5b02f65291c8f79bc1a5297d1c4eca650df61b46aa29f777d51d
SSDEEP

98304:+JJjHr7onSkPKok4M+cSZcRxhToIGTCCfJakPIFzi5PpX:6JjHHo+F4yRRIBxNPIFzkpX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a2a560e957632f80f8ee2c9dda7d3a0

Files

1a2a560e957632f80f8ee2c9dda7d3a0
.exe .ps1 windows:6 windows x86 arch:x86 polyglot

c437732bbaf22f5c7dd75340a78fb699

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ShowWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

normaliz

IdnToAscii

ws2_32

WSACloseEvent

wldap32

ord27

crypt32

CertFreeCertificateChain

advapi32

CryptHashData

wtsapi32

WTSSendMessageW

Exports

Exports

��yz��\�u�+��D��:L��4IQi/��!�@I��g�٪~E�6_��2�< xU��G�z~;��Q��|�)��+{g8=��z��ndިj� V��YyB�߽�\�;u��]��Ϻ��va}vG��t��K;ֿ�"�o߃:�X�� B��ό�� Mα��[�ŀ�:z\�[ߗ�b��(��M��p&<ű�&�`,$a�;[�C��N��pEkch@B��y��Bv e�]`+��K/��&�O� �\F�pX6��Y�An��~��*�z� e�A��6�Q!BgopW�C�T�Q]�*GM��%��_�'#��U�:�->��1��V�un�Z�}7�/�Ev%gQ�v̟G�x|��RIsZ{��/]��Cl�Ak��*}[QB��_A��ȉX{Mc�?��f�(,{p��ص�L�XT��w�j��A�0,�F��S��T8�Zb��iT��h``d��`o��"��!j`��[L0�' u�oOb4|;{`��.��/�@�X��rlߥ��3�"#�e`Y��Y��R�bRs��HHm��k�ߋr� ��1�h�r��?Num2D��l%��-��F֍iU�}RX��eB�Lŭ�n7AmY��݁�c�k�A�U�D��A��O�y�9�,��$;�gi+"ǣNE�aP9�/$a��W�� ŸD�?`�e��Y >��z�=w-�cc�Ԣ/PC�P�b�o�7�x"`��->�Ȇy�hs ��-ii��C�ΑX��ݟ �>�^8�e��`�G��Qa�8დ]݊͞{�N�pP5͈X��B # E`��գ�7�.�v� ��`;�Nn�Jt�s��+4��yBH�4��P(��߀pl}��BWD�H�� 0��!��ɛY��ħ$`ۋ0%m�T�NRQ�CL�ԀX�W�� jm�-_'W�:�Q��JH��;�i�8�";�rw� ��>��(�__��L�fގiĹ$)��L־L�g�x�ZYY�7�_k�V+>dK�51�ub��R��C˄�-sf-��W+�bE�L��Ա� ��N��L��H,�=R�,x!)ؤH< i>:8��劲��L� #[��<~��F��{��4i�1��jܽ4y��V�f�JO�{a�n�q�h��7��U�K��4"WW�nj̝��(T �4_��U��&5��y'��y�Z�3+N��I7o��Ke�e~�_�@��f� �gN��5At�W[�h��uTJi� �:c��y��! ��6��-��S[�a&R>Լ6-�U<��r��H$��)�u S��Z%ĝ �=�n<��,��}��:՝��&%͹�r�Y�C�V��v5f��G{z��Ն��X),�2��?wd��M��`eF�d�6��5�u{C{��m#�� }��!�2��+I�uc��e� ]`*��s 2@�:!j��"#O��y�� )��Y��W��Y'��@��3�� Su%�e�!�2_?��25�B��a'�a�� +�J��zNU��z��NscP��L�< ��/U��j򿸪��{�}@~L�EniJ��@�bs�+/90<�t��+��#��m�/��_݈<i�r��uXnQ:�E~��u��2�.Wza��URK6B��~��]P��dj��'D�.�i��l�AՎ��2��Z��tˇ�K�V�r��"~�y3f�E��+T�_��j�2��-��E��ﬁk�:v��Sԃ� ΋��T:�y��!4C�'�B��V�y��Z��Nh�b��b��НtP�S�Z'��%��(�N79�� ԅ+ ��,m��bC3iDY �'��QC��`-��6~E�q��|[~ WZ�d�B,W%�"��Oá��h7�J�O�)�_�E��ǒ#<}��h7�/U�FbU�-��S�%�K��|~Cc�ȃ��F��c9�IP; !��!�nþoob�V>�?Jll-O�� sFl��*C�̞��n��>��)� v'�x&�i�s��5��2��߉LqqJ��Ƕvg}�q�勫�P��C�4�<��c� �<�t�烠؟W�"�ɴ�z\�� ~z�E{�ŋ�t��j�d�0�?&=8X*�h�0K��h��S�۔[:$��߸H��H۔�07�/v�#�S}�+��O��?}d�5��ڝ��!�gx��q��廂j��Yb��xOa��5�@@��A��;=�#T+��V�h��I떽�YVts��UM� ��T"��VU�4��K��֧�#ɯXL��g"H��9��9DJ*� ��% ��G�c��Փ��1Ќ�K��#a�fk`��Kx}mpP(�v��d�EPc��b�� {? ��M�[��A^Y��V��B?�+]��c�,�̬��G�k��t`�󴝱�'lI��[6ꊑŚ��I� ��A�o�q��;��h̲*��*J�p[^��!��\�@1t?R��$��;<ɛ��o.��:+Ut�M�V��Q�o��X�üJ00NJ1۹��T�]@�g��E��Jyxm��%��1�L��]54#�eI�GT��镺Iw��v�N�p��_O �i0E4]5F�%uަR�ŏ�2d+��^_�1��#g9IT�٦�6�r`� ظfs`�f>�V��ۤ+�h�7?�$�� m6��[[�i�{Ѡ�5M��Q$OY��G�[� ��P��}0��,��s��z"g�� H�Bq*|��Ԅ2��o��gX$M��W�n�(�x�S��fA{?p��v�J�^<��ʟЮsA"h{�

Sections

.text
Size: - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c437732bbaf22f5c7dd75340a78fb699

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

normaliz

ws2_32

wldap32

crypt32

advapi32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 528KB

.rdata Size: - Virtual size: 117KB

.data Size: - Virtual size: 8KB

.vmp0 Size: - Virtual size: 2.9MB

.vmp1 Size: 5.1MB - Virtual size: 5.1MB

.rsrc Size: 1024B - Virtual size: 636B

.text
Size: - Virtual size: 528KB

.rdata
Size: - Virtual size: 117KB

.data
Size: - Virtual size: 8KB

.vmp0
Size: - Virtual size: 2.9MB

.vmp1
Size: 5.1MB - Virtual size: 5.1MB

.rsrc
Size: 1024B - Virtual size: 636B