4b80cdc8d14d97440f242688f7ef5398

Sharing

Copy URL

Twitter E-mail

General

Target

4b80cdc8d14d97440f242688f7ef5398
Size

1.1MB
MD5

4b80cdc8d14d97440f242688f7ef5398
SHA1

85a47cf0886da147f6522f25745f18d5defa7c5a
SHA256

fbdf7d77c581ae66a5da7de304c534cc850fccfaec6a876345753ec4bdfa3234
SHA512

e83e869f0228d8a8991f6c400f73bff51d2f6ab9686ff2047d5563b77cc91494eb2f811e3331068e3382be76c83f547d89b2f18d9af854cf1fa8fed9721de74f
SSDEEP

24576:USpGgFAnifDPTIrkZ1hZR9XWpTYtE1pj/fijjK+BF5H78:USYgiiDTIrIHZPoTVXj/QO+n5b8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b80cdc8d14d97440f242688f7ef5398

Files

4b80cdc8d14d97440f242688f7ef5398
.exe windows:4 windows x86 arch:x86

8aae98922fcd5a18efc0a9a2d3ccabc4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

UnregisterClassA

gdi32

ScaleWindowExtEx

winmm

midiOutPrepareHeader

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

CoRegisterMessageFilter

oleaut32

SysAllocStringLen

comctl32

ord17

oledlg

ord8

ws2_32

WSACleanup

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8aae98922fcd5a18efc0a9a2d3ccabc4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 547KB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 210KB

.rsrc Size: 12KB - Virtual size: 23KB

.vmp0 Size: - Virtual size: 325KB

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.text
Size: - Virtual size: 547KB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 210KB

.rsrc
Size: 12KB - Virtual size: 23KB

.vmp0
Size: - Virtual size: 325KB

.vmp1
Size: 1.1MB - Virtual size: 1.1MB