fb8a4b8ab577898183ab5af15313ca9d

Sharing

Copy URL

Twitter E-mail

General

Target

fb8a4b8ab577898183ab5af15313ca9d
Size

520KB
MD5

fb8a4b8ab577898183ab5af15313ca9d
SHA1

c334ed7e063633749967d53732f477c086a24c64
SHA256

e9bf4e95ad0591d57e33ed5423463a14098575e7f2c06fd709841f17586a24d5
SHA512

9184541ccafbb1c03ecf6c97bacc98aff6a0612b1d9ac1aed23d4b2c24c6402212302d3e1fc7491e7fa262f7dec42ab4cd57b2941bb1beeba4eabbb4c1e35826
SSDEEP

6144:BnGyc/lQm2GELJzGwEOEDcNkkny8akfL3k5De9yyp1q7dTQL+SZQ8oAYdhBenMkx:BnGrlQXOcNkknX33p1qx8UKYHBUfcDK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb8a4b8ab577898183ab5af15313ca9d

Files

fb8a4b8ab577898183ab5af15313ca9d
.exe windows:4 windows x86 arch:x86

4108466851d273ee594a25949164b3a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

OpenClipboard
MessageBoxA

gdi32

SetStretchBltMode

winmm

midiStreamRestart

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

OleUninitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

recv

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 496KB - Virtual size: 494KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4108466851d273ee594a25949164b3a0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 435KB

.rdata Size: - Virtual size: 184KB

.data Size: - Virtual size: 121KB

.rsrc Size: 16KB - Virtual size: 28KB

.vmp0 Size: - Virtual size: 155KB

.vmp1 Size: 496KB - Virtual size: 494KB

.reloc Size: 4KB - Virtual size: 108B

.text
Size: - Virtual size: 435KB

.rdata
Size: - Virtual size: 184KB

.data
Size: - Virtual size: 121KB

.rsrc
Size: 16KB - Virtual size: 28KB

.vmp0
Size: - Virtual size: 155KB

.vmp1
Size: 496KB - Virtual size: 494KB

.reloc
Size: 4KB - Virtual size: 108B