c48d8bb39e0fdf5c3bda8de271f97176864e2c2d78438af630b83cc5fd0067ca

Sharing

Copy URL Twitter E-mail

General

Target

c48d8bb39e0fdf5c3bda8de271f97176864e2c2d78438af630b83cc5fd0067ca
Size

9.0MB
MD5

40f264522335c022ff70988eaefcecd8
SHA1

e7e92a1fe14043ca82c592b8e2b26094627c77cf
SHA256

c48d8bb39e0fdf5c3bda8de271f97176864e2c2d78438af630b83cc5fd0067ca
SHA512

329659b3113543ed2b226e88e7598bee9fb1a1f8217184fdcced62723a89bda5c0d5072e800ca3de84a8083a718572edfd1bb581d6c2b9942c8771704dc22195
SSDEEP

196608:HVtq45/08iOZTRA9G8xc8tV9zWlugjcPYrRSG7gnaCoK8wv+kaGXa:1tqu0/GuPK8tVgugM2SG7kaCX7a

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c48d8bb39e0fdf5c3bda8de271f97176864e2c2d78438af630b83cc5fd0067ca

Files

c48d8bb39e0fdf5c3bda8de271f97176864e2c2d78438af630b83cc5fd0067ca
.exe windows:5 windows x86 arch:x86

dd2ead1bbac235cb6d9693bd9605fd89

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutUnprepareHeader

ws2_32

recvfrom

rasapi32

RasGetConnectStatusA

kernel32

SuspendThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

BeginPaint

gdi32

GetTextColor

winspool.drv

DocumentPropertiesA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

OleRun

oleaut32

SafeArrayPutElement

comctl32

ImageList_DragLeave

wininet

InternetCloseHandle

comdlg32

GetFileTitleA

Exports

Exports

�^�>�ʷ��X��G�m/6��wF��!�cjX��"�(�nC3��D�Z� ��B��_�rHWY�M�[��Q��Fl��.�̜j��f�8[�A��n1S��#�*��T�[��2ܢ@��C��Cf��sU}�'��p�� o��X�f��L.�mH�AK�9��(��g��k�z�\`#w� J��"OeN�3��L�e\��C�%�F�S��P��;N�E�}��J��T9��i&��QQ��n��YC=�Y�Z�ue��}��g��<jq㤞ۆk�cv��B)W�s�蛳��_h< X��X�j��h�}�!�T��ő��9��?�٦��Z�8�J�p�7x��hsn��Dp�5��U�L�F�W�G]E�և6ݴ� ��_�^�:��F��1�rƏ�]�t��Κa�m�[+R��M��V��<��=8�)(�V=��)hKC��V��Z;~� ãh��cG��w��d�Y��F�� /��䗍8�c0��7 �:")��#qW5�pI��y��&�Y��/� ��R�Q�M7�'zV|��[�@T�>��LbuCba��c�L� ��Oi�޴n��:X�&X 8��*H��i��%��|�ߝ�fyt.�:��Η":�F �);tb�a�|8��M*-"cg��J��mMKR�f�'�[I��bё�1�sv]7��{�AA��g�Q�q�*昶�vz֨Z3V��=� ��p-Aц��m� ��aϒ�VR<��_��<�s0��T�B1�}Y��<@�vxB��۩*T* ��'�!{��<��R[��o��2C�~J�ePf��QzՕ��+f��!OO;j��*3��c̄F!=�UZ�v�o�uE՝z� (xX��͒��.Ͼ#�c�GG��(YZ�z�!��.�f��;,%�R��b��=uHsa�:�Y�x��)��P雊�h�ZX��nkp ��+x�(�(�gB4`��W��[T��n�/�÷IFyf��m7Y��y��9�>Yxfo�f]�:@��T��3�"��0R�>|�9ܥ��J=or��\�I��Jڮ��u�o(y� 2�s_b�S�M>��Cٿe��ͩXZH}�/�r��%��q�j�2� �Mk�.�]�Ǔ��,S��Q.o;�w��*��Q��{��o@/��yZl9̹��Q��j��E|��wDg�:��Yv.2 ��v({��ѫ��px:��`��/�<A ��p�? ��|d��$��k�\4��u4ѥ?H�w �wI�s&��<V�5�C��K$��6`ԧ�ʨ�T)�ϲ�Q��}y�[q;��Ѝɼ��Pt:��oN�B-�P>�g��8r�j0G�8�&T��N��ͫ�! �zw��aʇ�R��Z+]��6�1�Z,*&_��xVp��`Bl�� ,ʧx��>9�$zY��[� ��@aD�4`�8�MQNn!9�)B`ն�L�I0��P�&�g��:�'1��Ƣ��4̄c(�}�P� ?$��,��}8�qH2W�OĮU��T�x�r�YK��sݾb�3hN%�� ӲuJ�$c诞3�&'2B�8׶ez�<'��L��Yb�<�7� ��t=w��*CCC�Ά��+'��`m��gw��LP𸧁��w�M��z��=V"'t�[4��>o̪��.I|�7��&�,��m��ࣿ�� *n��go��[p?9�?��u� �|u�37\�� L��gm�]��y\J�9�ε�^_��j��(iZ�\��di<<��_��;�_��/,7�0!|h�[֌��H��6�Y�UY5^��}^��y}ݑ1��<�Lg&-��5k�4��7�0 l]� � y� ��lG9#fKS�� ˤd\��z�=WDb��[�ĕ��dY��CQ��D��7̶�V!��\�t(�:�I��@��ذ��ki�Q��F��2��t5\�e�$LVf8�2ŜN�po�$��.��eb��\��50�նSM�Xa��C�S�f&j&�_@̿<��T�l*� {� }��N{�#�t�^Y�M�7�>�X�[��BBt��ΉC1e�3- |�:ǖ(�a��k"�iUlIm41��ō 'S,Ԉ�d��4 ��i|�ﲖ6�ª��w>��a?{�(��ќ�2�u&Vgڊ�"��;00́S8%��ب��h��ң�6�%~�n�zN��`쬤w�r.�O.p�L��B�H8j��g�_R?7�VJaS��PX�1��C#�8@�ⳍ�n��Gqws�{�ve�j��Grl_��!�ל��un�9�:�w4 � ��$&�A��ou�b�"��}��&mK�Zd֖t�CҠ_x޻Z s��V�� |n�Fh@Y/r�%S�"{��ˋ�{"��J��)�Jn�;��p��L��l�Gͨ&5'��X�<E�k�Q}�P3��!G�c��Cr��T�&% 3��^��:�� ]��Ey��޸�´��b��ŵ��9Tm��Tʱ�u�,�p�ET�MzG��d@i;��U4��u��eM: ?�3٩\�,��Zo.�kЉ�/��|�o�B!�n�76 zGq̕&�:�Ry��3ݿ��㝠{Y缣�I��KbB�N�/ �|��t��/hݴ�y��?[ge�1�tTSVgY&ՐW(�I�]�c��3�~Q��l�.o��N�� ۮ}��.��PK�Vb��Ǯ��l��R��P1j��QjQ��Z��9S�#��i��ۢ�� W��1��V� m�]>��c�s�U>"v�gp�q9��v_O��oi2�n��\�: ��<F+�r�kz��jI��D+h��D��

Sections

.text
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 852KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd2ead1bbac235cb6d9693bd9605fd89

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 1.4MB

.rdata Size: - Virtual size: 852KB

.data Size: - Virtual size: 431KB

.vmp0 Size: - Virtual size: 7.0MB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 9.0MB - Virtual size: 9.0MB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: - Virtual size: 1.4MB

.rdata
Size: - Virtual size: 852KB

.data
Size: - Virtual size: 431KB

.vmp0
Size: - Virtual size: 7.0MB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 9.0MB - Virtual size: 9.0MB

.rsrc
Size: 20KB - Virtual size: 19KB