208f4555b860bcc8a5b834dad13dc7b6

Sharing

Copy URL

Twitter E-mail

General

Target

208f4555b860bcc8a5b834dad13dc7b6
Size

4.0MB
MD5

208f4555b860bcc8a5b834dad13dc7b6
SHA1

bf15814d8d235d207e20739f2bbbe1448fdbaf41
SHA256

e882dab3bb0be867f2beb89bdf0067c00c3a6086e12fe5178c8a5d8432da1701
SHA512

dbc1371eba4ad00cacbb87f4abd6dea4f6f3a01168a2a94096b054dbeb34df48e12d69cfa4f75677937e7c1453698fa52600f07cea57c4641ffce026c27eea31
SSDEEP

98304:9FzSQXmJcCGcb+8Fa5rXH1YLcOm2SAxf4zo:9FzdXmJvRvQVSoO0m4c

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
208f4555b860bcc8a5b834dad13dc7b6

Files

208f4555b860bcc8a5b834dad13dc7b6
.exe windows:4 windows x86 arch:x86

9ba5808216a226d199fabd0180472b51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

ws2_32

WSACleanup

comctl32

ord17

kernel32

GetACP
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDlgItem

shell32

ShellExecuteExA

Exports

Exports

K��G�Gf��GH�;/yi�� y2��q��Bư�Fs��Ls�譵��M��~I_<"|�ػ��a�X�J ��ބ$��Ό�ݖ�a�[��!y�c&� �8��)��B�:]��e��fңd�lY��Am�5$ۗ%�w�ga�]�>�*`4�|��40�g븡"�弹�PT�Z��~WT�é�r?��t� ��U��CУ��gL�l�-��l�YmPi��q�.*y&��2��e^f=7v��<��M��|irz�SK|_E��E��E7�-�w��1�O��l��3��<g��Jw�B>1��{͇��[��y3`�wi��b��̵�3+�[!�lZ(j��K��-�� P��8�#�g��}ft�`��n�� d�XCl��q��d�d��`n�u�d��s2ŀ]lq�$Ye�G<�7B Erfi��}U ,w��V@h�+�|�ʠ��c��:R��g�H�ٻ�?ұ�%��/��X�{�� .��o�7ؤlǐ�^j淈��ݴ�2�_zʺ��Ɂ��qz?e'��S]�ܠ%Jk��i�\�*�� ao��){�mS�*�ykc��Mf�ޘ/~��l.Yw��!��@�z+�׆�UV�N��H ��*#�,��z��/��nzȪ~|�O�̉j,��ꠝ;<�Ł��T��-A4��X��;>��.��T�?�r�̚)��7��p��/��"@}�.;�l�t�aV�?�wi�z:��'�p=:1Lb��/fTһ��w/�<9�UDLoN��^�F)�LM�_��vE��-n��vď$�%c�/q�*��n ��I��:#78�D^��,�<��p�v��hٓ��F�ܭ��́&J�T�l��bO�T '��^�u�r�E�m�(��7/��g��6�b�%��fo�J ��3�$e�ssP4[��mҶk8at�{��<7g��fq�[<�~��+NM�$�芟4�V��4�r��sE��B �hV��lx/82J��[w�� #�sC��"�n�T?��4��܆�!dn��+v;D�ϟx Ə�X�{W%3Ǹ�1b|��^g�J�)LneJ��?KE�O��Cyg�u��u�pX��A��y4��9��V��(��ڒQ�1�|��̓ϔJ5��2-'�-�с5�>ƾ��(�\7�!&�?��Ip�v��DQ��mZ��q��]��]NB��B��!��\�i�M��\�hѮ�^2;�m��V[(�5L*E�oCC�Y0��i:PN͙�� &��ʨ(Md%H�,� m@c>&�8zVb�oa�ه��6�~��[AV;!��C�|��#u|�5��+��)h��F�|>�~ǁ�� "��C[�q�!lk �w)��x��Zq��%�C��s��5��&��b �ޚtx!Z�t�ц�p��*��д2��rd8_Nݧ�9�Na2��n�� 7/�$/��s�"Љ.}T��=�9��F��nk��JQ�AZ�\�U?^��x��D��O"NXI�_˚O��OH,�,sv��R�n��=13y��D��@(�?o��-��o\��O��Z1K�Ar��y��]@8 �Cg o�I�cRg�P9h�b�UѨ(��p�Ow�Wu�S��qA�b��};$i\N�P�?��Ș��iD^�ۄ�l��L��Y�˖�p7�Q�/@�5߂��;P��U�@�[�v��!�M�T��b3mxz��Ȼ5� P0��K�Z��k��M�+ ?��a��6H)չP��(7��m��L�H�G��a��> ��m��be^�$�u�SHR3:�Ce��{JƏ�+1�VN�rH�`�w�E��2��=�*�C9缫�9bJ_��r�'F`E��7A0��4��ђ��k�_3��8��!m��& �s�p��*�|�/S�:sf-��Ҵ\n�2E�#��,u5�2�.>}ʝg�)m��s��ȭq�0�O��ES��c��ˇ P7�԰T��wm��t`t��9��a��dLE�ѕ^�{cQi"p�B&M��g��8�a�?�/#�~s3a�-��#| M�Vtt�2HR�g��_�߮�<t�s��$<��OH�_�]]P�G�*� �� `N�!9��x�pK/�K�b��Q~"^ :�J1��)��׆�*<�I\��/,�=%Tw�.��1�Pu �8�� k}B��aW+-\є,��c��:�oqv�mJ�al P.��3K%��0�{��i�T+�܄2��+��_�/�jZJ�1�)�e��j�qtDT�*}��r��C?��(I*��E@��@��%��4��cO�"wQ�^��/H��2n�1��`�e�"6W��D�d�*�>�7�)}�fN�{�H��#�.$��i�{6S֒J{�Y�a��ì�Kk��,�Tv�P��Ӑ�Zg�"2�Bfe �vC�WW_��O��l<s��ͷ��h��7�J�b1a�@�u��d��r�[�5��^��]��o[Za�7�co#p*�P\l�~��e9ᦂn3��^c݃��5bId��ҕj��]K �c�KqV"_�� )� �}�H7W{ ��^�=x��T�Rס�+�Y�)�U��U3��Gu��ȢC��.Ƽ+��`6X\��:��.��}�ರ� ��^樏 ��x?Zh�ͧ<�� ?o��R��x�M&N`d��_L,䀳��hA�׏f��_�:请)�K�#@�F��Њ�/7e��F�FL1��r��Mo��z��Ð}o ��l��Q}�9'�}��nR,`>��DAro�\j��z�"i��PȾr�{'C 'l�e½�� ?��,!�׹��G.M�\FO��Ųe��Av��K�̀��i; W��[ܥ��H�V��aZmk@0�

Sections

.text
Size: - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ba5808216a226d199fabd0180472b51

Headers

File Characteristics

Imports

psapi

ws2_32

comctl32

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: - Virtual size: 418KB

.rdata Size: - Virtual size: 92KB

.data Size: - Virtual size: 1.5MB

.vmp0 Size: 20KB - Virtual size: 16KB

.vmp1 Size: - Virtual size: 2.2MB

.tls Size: 4KB - Virtual size: 24B

.vmp2 Size: 3.9MB - Virtual size: 3.9MB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: - Virtual size: 418KB

.rdata
Size: - Virtual size: 92KB

.data
Size: - Virtual size: 1.5MB

.vmp0
Size: 20KB - Virtual size: 16KB

.vmp1
Size: - Virtual size: 2.2MB

.tls
Size: 4KB - Virtual size: 24B

.vmp2
Size: 3.9MB - Virtual size: 3.9MB

.rsrc
Size: 20KB - Virtual size: 16KB