4b1d0ee11762a482dcd9118aa642fd42

Sharing

Copy URL

Twitter E-mail

General

Target

4b1d0ee11762a482dcd9118aa642fd42
Size

2.1MB
MD5

4b1d0ee11762a482dcd9118aa642fd42
SHA1

b6882397b634ec377eafb7be791568a5d469a2ac
SHA256

e7123293b3b35c5d65f120a338978d86aaf0dea000f7c65dff1d0b478cec41ef
SHA512

9b87f986a42cd0758e8e7171642346daffbc75c780814307bdeadc1dce55bb2fcb93c25c9f0b9beb8dcac8cecccc0e7884d74676693b8c8e37392ffee159157c
SSDEEP

49152:uS28tfwGP6ZhE4y6qE5e7gpfgY0KSlxotAojCbyTcHWMsW2Sw0:/28BwxZS6qwuKYoBubyTc3sW8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b1d0ee11762a482dcd9118aa642fd42

Files

4b1d0ee11762a482dcd9118aa642fd42
.exe windows:4 windows x86 arch:x86

7ddc0c7a64c130148dc98a21cce9756f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

InflateRect

gdi32

SetBkColor

winmm

midiStreamClose

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

SysFreeString

comctl32

ord17

oledlg

ord8

ws2_32

recv

comdlg32

ChooseColorA

Exports

Exports

z��0�5 ��S(�=�qh��kVQ�!�8▪�Ռ�1ǟ��n�̑��5��90+��t ��1B��sj(y��e&"#��S�.ʱz]��_��PHK��ˋ�4X��0� �"o��aD�|6��s0tsҩ��"� 2��5�k��K�)�$�) O�蛂#S�4��{��5��-n/�˒k��l��0��>�ĺ�rr��F�ر9B��Hz��ԠН.��lXQ��+�%�NN�0j�K%��q�N�U�ǋ��@�>��É��AXc$L��g}�u�F��h*&�fF|�u��#�kU�@Ex��F�8�ߕ&�dwY�"��muȂ�D�a��'�a�u�w�i�8ǎ��؍�B��Z�`��&�:=��s�x��qf�7')��*��c1)+KW_�z�h�ҷ�c��wS�·�e��l��Fk��Kf<i/�+��0��\u皫h��C�ȜG�e��Ԙ1q� =��-�]웞�:��I�O�~�^��#�t��P��5��W��r̃��r�~�X�T��l��Q��c0Q��M��ȣe.:�hk�,4T��c��o�cx._,��.q��Ek�R�r��i�I��]��T��ѺZа�ٮ��C�nR+�\ȅ�dt�^~f ��e��vt�*��F��Q�Z��"vs7!��-)��g�X�;��!�J��c*��ċ��(U;TrF�qC��ժ�0�,�T9b~ �^B~|N�i��̝nR�!��5&��f��Ĝ gz�JE,�c��OQ��H�a�Krݳ�o�^�Z�*��o��[ḷ;y��h=��ؕ��ӆ"O!L�J��Z`��o� ��ٝo؄X\��0��Y��/��0�x��b�Ɵ'J�r�� r�-��ܲ��ߠP|�9�M��U9��!4��ɲ%G��d"H��pÌ�5b��e��m98;��Ė�;��T�[�k7��,��0,}N�L��E��l暣�z|��R�7{/�pb@��*�E�%��Ģך�;��C�4as� ��-�y��mz��+�Ar+�i�O�j��B��r}۴�Ó�G��|?��д$0��R4Q�*��|q��S�9�Z��F��Q864ٯxM��R�q�I��/��ċ��Q�~!3��-3��`R�fۂ��t�3%3K�-��Ɠ�D��S�� "�3J>�k��l0.:Z'Ц�� 9=ȹ��)C)sQ��1��}��rJ��o=�i9�˛�(5��֓:�) 'r��g5�LY(��p��P� �l̲+-�Iw��C/�_c��|s�T� 9�'��B��(�Q��"�K��qH"��cg]�%��/��&*�˜�� [<��>G��0I��љ��n2}Y��9G�yjʯ��>�_� �5��V.��QB��w�}��H۳:!Z�Wrk �I��K��"1<��}]g�5$g��uvϓs1��="G��o��O��Vb�_,��?E"+��L�R�q�r�<� ɎZF+|1`i�V��Xk��|��P6�%tǼ�sq�AT��,��C��E��H�Wc�ra��NɍA��څ��8�*�s��3��Ŷ��4�_�l"�c�E��4��!�0��J�k�b8��.��N��)�~��h B��ȥ��<k��ۂ_��jL��@��Oɍî�&\��{K��<%�,3��oF_��Pro��kGX��a0��u � WV��t3k��f��U+^+��}y w��(l��t2��T��+Vw<��}e��@�ԗd�'RJ{~�#:�u��č��H�Ŋ��Kf�&�e{��g_��"�LG��ha��L�JO\f��m_�L0��TL��W(�ن��Y_YS�M�<=�}��Y��J$��ic��[�|�C"�̟^hh�-f��r͞��C�<��u��3Y�cey��M��Ռ+�,�L�9�K��M�ֻ�V��|��ɍ��,4�T��瞽%1��JH=&�xy�\n�.�p�N�{��v��=]�vTA:&��/��!o��U��WO�)�� V��"�P����¯�kU_�R%X��M~D�j%�ih'Ij��T��5�%��'E��0"��G�9��g&��S=�_H��JQ'ň�j��ȦS�Ѧ�S�|��Jj2�c3��V�&��F�9��i��ik��5}Po�Q��5� �H�6�/Yw�ߏ�̥k��/$#t�`�;bM��+�܋ר�֚,�':��X��ӱݹf��7w��y��=�� n�Q� wGcGw3O��qJ�L�W�[g'�}�~X��S��m��ԏz;S )��&p��H��h�1 $�>$fVݤ�kG�~��L�"��_䓗�^ј�[��z&��8 �m��ݐ0��DsAA��+��{S˳�*�[�+/Sv/VGN?a5��f��C��C!��Ц�J�>x�&��8�T9��U��]�9��+V��LR#]f2�͸K�m̬g�1#�#��;�v!��zsR�a�i�s_V��^��Ҁ��A�g��d��`Ox��9b�7->ǈ��T��Q��s��N�� <$H� yu� �o��,��S�5��h��6 py�>?�HO]I�ܿE��åW�?�4f;V��l��vJ�3g��G ;��jT��\�u�gn�͝gxܩ�[��e�H� �4kX��!Ȁz��S��Ҹ=��ˉ�6��? �4�95P`>�S0��Q-jƟ��w�r]8:|Z�XpH�]S|3��pQ�D��0Kh2R#1pBP�� 6�"(\�YE��:��?:v��

Sections

.text
Size: - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7ddc0c7a64c130148dc98a21cce9756f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 455KB

.rdata Size: - Virtual size: 1.2MB

.data Size: - Virtual size: 173KB

.rsrc Size: 20KB - Virtual size: 34KB

.vmp0 Size: - Virtual size: 513KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 2.0MB - Virtual size: 2.0MB

.text
Size: - Virtual size: 455KB

.rdata
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 173KB

.rsrc
Size: 20KB - Virtual size: 34KB

.vmp0
Size: - Virtual size: 513KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 2.0MB - Virtual size: 2.0MB