aa00659efc60ec3465d8da79e591c2ae9c7a4c6487a1720875c72f2ccdb2b82b

Sharing

Copy URL Twitter E-mail

General

Target

aa00659efc60ec3465d8da79e591c2ae9c7a4c6487a1720875c72f2ccdb2b82b
Size

1.8MB
MD5

119929c231945fb8ae4e0e9773221911
SHA1

b1a9c56eeaa9c1faec1aca695ff9ac8bdba1530d
SHA256

aa00659efc60ec3465d8da79e591c2ae9c7a4c6487a1720875c72f2ccdb2b82b
SHA512

530c1b168a30d0e05d016329bbeb10ed1dfa328791ada53d926a5c264fee1355c8e07477c76f2c055b560e1ec0b550570e5cbf3ae1ef81b4e1004024ff689016
SSDEEP

49152:ngpk5ncb6OrzHFOxELVXIwPzZ2Liov+GQ4DL8Ym18z/biEdlwKb:gpWcbTzHYgVXIwP12v2CDSKHiEd6Kb

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa00659efc60ec3465d8da79e591c2ae9c7a4c6487a1720875c72f2ccdb2b82b

Files

aa00659efc60ec3465d8da79e591c2ae9c7a4c6487a1720875c72f2ccdb2b82b
.exe windows:5 windows x86 arch:x86

df026a517cbb60b446b6192188d76cbb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MoveWindow

gdi32

RoundRect

winmm

waveOutUnprepareHeader

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyExA

shell32

ShellExecuteA

ole32

OleUninitialize

oleaut32

LoadTypeLi

comctl32

ImageList_Destroy

ws2_32

WSAAsyncSelect

wldap32

ord29

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df026a517cbb60b446b6192188d76cbb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

wldap32

comdlg32

Sections

.text Size: - Virtual size: 752KB

.rdata Size: - Virtual size: 235KB

.data Size: - Virtual size: 292KB

.vmp0 Size: - Virtual size: 1.1MB

.vmp1 Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 44KB - Virtual size: 43KB

.text
Size: - Virtual size: 752KB

.rdata
Size: - Virtual size: 235KB

.data
Size: - Virtual size: 292KB

.vmp0
Size: - Virtual size: 1.1MB

.vmp1
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 44KB - Virtual size: 43KB