f8b626d638c4f7dad13330557c49b148a42a54e8d96da1767c6b413c653ec445[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

f8b626d638c4f7dad13330557c49b148a42a54e8d96da1767c6b413c653ec445.exe
Size

1.9MB
MD5

0c575308d12c2194af27612e8b97a57e
SHA1

8e8a8898fdca9b49fcaae1a9870eaac49cee8c3a
SHA256

f8b626d638c4f7dad13330557c49b148a42a54e8d96da1767c6b413c653ec445
SHA512

8f5baf02016305c351c84adccd02dbe987e7707735f2fe54b6a3cb3dbc847c34fd572923dc308e16d9388eb564bc15c0c6aa66e662b6697df86c7e6658720959
SSDEEP

49152:e5At40lo54psW/WsdiyNIPVSIpgmTPkvFZV:e5MTC5Sv/WsgyC9/gdb

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8b626d638c4f7dad13330557c49b148a42a54e8d96da1767c6b413c653ec445.exe

Files

f8b626d638c4f7dad13330557c49b148a42a54e8d96da1767c6b413c653ec445.exe
.exe windows:5 windows x86 arch:x86

97d69de8e0ea678b104859f0608c26fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamClose

ws2_32

getpeername

kernel32

FileTimeToLocalFileTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CallNextHookEx

gdi32

GetBkMode

winspool.drv

OpenPrinterA

advapi32

RegQueryValueA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc

oleaut32

SafeArrayGetLBound

comctl32

ImageList_Destroy

oledlg

ord8

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97d69de8e0ea678b104859f0608c26fa

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

comdlg32

Sections

.text Size: - Virtual size: 523KB

.rdata Size: - Virtual size: 1.0MB

.data Size: - Virtual size: 259KB

.vmp0 Size: - Virtual size: 824KB

.vmp1 Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: - Virtual size: 523KB

.rdata
Size: - Virtual size: 1.0MB

.data
Size: - Virtual size: 259KB

.vmp0
Size: - Virtual size: 824KB

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 12KB - Virtual size: 10KB