29a493e2fbf3adcbf9764e72b4ee9c23

Sharing

Copy URL Twitter E-mail

General

Target

29a493e2fbf3adcbf9764e72b4ee9c23
Size

3.9MB
MD5

29a493e2fbf3adcbf9764e72b4ee9c23
SHA1

d7bd48a0f7bf3518734b7c018880ff490117a495
SHA256

be5427ef7f3d2c02615c372dcc14484d912a39893cf7c943404a6a018b2bec1d
SHA512

ca2c2ac08d3e52c0db804adc968db21f4c239309503f28f4147030534c95e2ee0b08cf361b54abf411f9f5e97b3fbf6ed51d6b153d99c751a9a15bdfeb1c6218
SSDEEP

98304:kIC8YWr8C3OW7fxuxgfC98EvLTM/c7WzoUZvidiXLP:kIC+mgfA8CMEWoUY

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29a493e2fbf3adcbf9764e72b4ee9c23

Files

29a493e2fbf3adcbf9764e72b4ee9c23
.exe windows:5 windows x86 arch:x86

0a40124eafaa81043b0c9c5ce9888acc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetVersionExA
GetVersionExA
GetVersion
HeapAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadStringA

gdi32

SetBkMode

gdiplus

GdiplusStartup

ole32

OleRun

imm32

ImmSetCompositionWindow

shell32

Shell_NotifyIconA

shlwapi

PathFileExistsA

winmm

waveOutPrepareHeader

ws2_32

htonl

winspool.drv

OpenPrinterA

advapi32

RegSetValueExA

oleaut32

SafeArrayDestroy

comctl32

ImageList_Destroy

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1019KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.9MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a40124eafaa81043b0c9c5ce9888acc

Headers

File Characteristics

Imports

kernel32

user32

gdi32

gdiplus

ole32

imm32

shell32

shlwapi

winmm

ws2_32

winspool.drv

advapi32

oleaut32

comctl32

comdlg32

Sections

.text Size: - Virtual size: 3.3MB

.rdata Size: - Virtual size: 3.6MB

.data Size: - Virtual size: 702KB

.vmp0 Size: - Virtual size: 1019KB

.vmp1 Size: 3.9MB - Virtual size: 3.8MB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: - Virtual size: 3.3MB

.rdata
Size: - Virtual size: 3.6MB

.data
Size: - Virtual size: 702KB

.vmp0
Size: - Virtual size: 1019KB

.vmp1
Size: 3.9MB - Virtual size: 3.8MB

.rsrc
Size: 8KB - Virtual size: 6KB