0d19fbdf415e97391c5aacbb110d9085

General

Target

0d19fbdf415e97391c5aacbb110d9085
Size

1.4MB
MD5

0d19fbdf415e97391c5aacbb110d9085
SHA1

e05db784a2a108c127bd7efd5f21be3571ab5dc9
SHA256

66644d8948432903cb9d3116f62cc441c1078819c23bf29d93f9bb159ea30056
SHA512

36868651a2fe06e77d8e24f50124852e4c5ae9c34232c7ea2ad2903d340eb7c9821a4ac8c417a4b68f94219f5d7c94c1ccc224975917c41545bb6964e8f441ad
SSDEEP

24576:eNfV0jM72JOnzhnQkyRlP5ut/biQ33IFv9EvbfMM4OmF4ldH46SsWnHACo2dUZOy:CVWPJOBQNZg+Q3+EvQfR4UD/HQ2UZO2H

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d19fbdf415e97391c5aacbb110d9085

Files

0d19fbdf415e97391c5aacbb110d9085
.exe windows:4 windows x86 arch:x86

ab43eed96029bcce0b04dbf670788fe8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CreateAcceleratorTableA

gdi32

SetWindowExtEx

winmm

midiOutReset

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CoCreateInstance

oleaut32

SysAllocString

comctl32

ord17

ws2_32

inet_ntoa

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 467KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 782KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab43eed96029bcce0b04dbf670788fe8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 467KB

.rdata Size: - Virtual size: 782KB

.data Size: - Virtual size: 133KB

.rsrc Size: 196KB - Virtual size: 206KB

.vmp0 Size: - Virtual size: 296KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.text
Size: - Virtual size: 467KB

.rdata
Size: - Virtual size: 782KB

.data
Size: - Virtual size: 133KB

.rsrc
Size: 196KB - Virtual size: 206KB

.vmp0
Size: - Virtual size: 296KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB