ea69a9be5a4b52791e451dd9963897d936e7dc560b45ba4c5cf42a07599a1950

Sharing

Copy URL Twitter E-mail

General

Target

ea69a9be5a4b52791e451dd9963897d936e7dc560b45ba4c5cf42a07599a1950
Size

12.9MB
MD5

be6b230591f04f2c5032489b7a7a2780
SHA1

e52100db38864070ff7f1c0d35cf1d6805fc388b
SHA256

ea69a9be5a4b52791e451dd9963897d936e7dc560b45ba4c5cf42a07599a1950
SHA512

1d621a7d33c28ba6d3c25513daa893b0d5f9ff9b39ea646a83ecf0cc6d277a92e40b96b30f390b7c004403263ead7e7f9f4cb4e53909c7978a2828ea2064c830
SSDEEP

196608:NPHpAQVkoR4+51VKZ5D0KPC6/z70ZoBEpr0n+oxvxLVG7viS/Ghd/:NPHp9VnxEIAv7Bhn+oxvxLAGS/qd

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea69a9be5a4b52791e451dd9963897d936e7dc560b45ba4c5cf42a07599a1950

Files

ea69a9be5a4b52791e451dd9963897d936e7dc560b45ba4c5cf42a07599a1950
.exe windows:5 windows x86 arch:x86

9f6881bfba0f46290564a7bfbf369f4c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamProperty

ws2_32

accept

kernel32

GetVersion
GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MapWindowPoints
CharUpperBuffW

gdi32

RoundRect

winspool.drv

OpenPrinterA

comdlg32

GetFileTitleA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ord17

Exports

Exports

S5��Ep4��i��mn"_��UW�y��!��Iv�͢��D��A�ǿc�Gt|!P`2O�ji]�갇L�<wSV�۩�Q�Eux�*T�!y�V��m'*ڎ�zM�ye��`��C�#��+��G+Ԟ(�1*4>"ʳ��o�kb��慜��w��/ ��7,��ʬ��]�H�T�>��%��5>tD �#OS��.�y��)��]��8�<b�t�1��^�I�&��\7��uf!%�U�\0AV��GM��ؽ)�Z|�mr�� e�r��Q`8�k�p�G�#��b��m�Ҁc�uz&�w�=/p�6%�y�tg$�S��W�rEH��]�e[��;�B"[��J&�� ԂU�A�aM��L3��WݝW;�$|�0ڦ�rԢJ�� g�}��'f턊� �G`E(��'[:�a��Bi��ť6Ӝl��ƶ��L��I�{��%��pN3�|��.t��8��a�J��F?�:�\��KU�~S+�4�x��'a��Iq��#� �Z<b7t��Ł &Q��w��4<M�ʳ�]��u~Q ��J֎ɫ�T�~Y��N�?!�o�,S�#k��f��wdX~5B:�f��k��l��ZLr8��]�4�h��NW��!s��^ED��o��E�q�� L�@��M,��o��A�͆h(�R��~L��#��J�az��/5��1��0�Z�6��_�c��4��}x av噢m�O"{�nv˹X�d˻k�.B��أ��8p��.�mJ�D�ުu�a.⮔�\��^��`c /6�� .��-Ǜ0��2��o��$9ި�(W|��S��B�#�� ˔pMuh�(4Cim�i7�+;7DO��W~B_V@��x�$CaF�x�D��P8Fك@hu��z�݌&+�^6 ˰s38��p��G 7��xcm5�+��h�Q۩SRzv7h�<h�6H��-��s��-��03�K书򓪟��p}��e|k�x�Faf�6J��&��&��c�g�ͪ]�D�bF_1LL�V�R�"^��$w5�cԸ��S�u"�2�zC�#\��)�G[ {�1�<��o(U@�W4!��Mv(��-y�m��촞c��V�etf��A��h�Vp��{�942 h�/sc�5�A��٧�v�j9~��qkx��WL��E��q5D��P�9�A�� Rj��iih�tm�w~��a��V�7ƹ�UǑ,��ߋ��wp;"��;1��6&G�!e�V�i��N��=W��E�ڠ��䠳Ga��[��j��bkp�S7g�q��P�_��=�v�e�m�¡��(Tp$f��-b�`��߁J��Ӂ�T�.��?N7A��5�s��X�9d�d�X'�Q�gK/��| ��iB�fh�Xr��p��n�q2i�N}��Ư7��ذ��G�膧�[ƽcr.SlJ��aԖN��YI��A�O��7�}�^k�W��6l��j�t�:�?,�KZ�J^�$/0�;��6 ұ��8��FV�NhŊ۪R�*�*��T7��N�A�/��J?�y{.[r�]$+�<ZJ�}�� O�:^��zh1�e��V-l��MG��8�RY)��=ɚ�szBW�c&��a&�!��]�bp�U�@��$��Ҟ֍m��T��P�\nK ݾQ�B��7^rlva�V-j]��0̪�^� ��X]Ƌº&��1g�+� �Ҹ�#��C�1ô8�ߒ�cE��ZgXhNa� b_��y��~[�Y7g֧=�=0�#T�RƯ4�E� '<��*0�6��/�2�Ҭ܂�ׁ��F:�jv��^��ŔS��=e�y��\�pΠ�B��fc��T��kK�8��ɩ�%�Zu;��xN{�b#]B�%�1�!e��P�Իf��@� ��=ߦ]��L&�~zx�>#u*�/̭֬ [�X�� 1Y��:.1�*Td��&7��Y��[V��$p�ݢ�7��@�Qy|;��'T��z�ع�a�F�*��2� �<��d]�@��oe�um6d��OQs�Ɠ[�P�u�J�Xx&,��5wCn5��-�F-�4CA�TB��f"X�f��@Bt�8��T�y��I�Sm�3�M[�c|�C�h4��9U{�2�X��Ho8��D>#uU��D͠�$� �<��i,�M� K�q�Α��2�ԙC��oN��ا�?a�u#/��_ �=~��*�<�q��m�t>��7�+n'u�:�H�d45B��s8_�R�<��k�fTH� ��)��I�oK`�� Ry�Jy�;+��r�mN6��0=�2+��^�G��.z�Pi8eD��3k��Lu�6�q? �yo ]�� %i��O�ȴY$~OA��AqnS�)��:�E�K�RPe�,�H��{Y/� L&o��||��"�� (A��+Ui>��ݹ�4\ML�dү'.�(�.��l"� G�]\d(Òt�h��|�T��tԶ�9��_MQ�I��I��Z~%�|¸fes�n�./%��q�M�i�o2��9��E�R�z)��/ މ[��)�.�g�Oa ?s�8ۙ5�M�M��P��"��a@��̙��o$i@W��#UY�|3n*=�,�� O.��I��[hv�#2��9o-��Ý��E�7��,�t��v��^��x�=Ey��"�u��H��2`��_�[��n�e}�!�v��{2;��]0�R�Ｑ�4�򢛅C_�}��mH ��{��P��}��,�yj�y�F�� 0��h8�G.J�mr;:Ԡ� \� ��Lǧ�� *4�r��5%,��$d��^�z��-��#� UOZ>��nW6�'�L��1��v��4"��`0�

Sections

.text
Size: - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 12.8MB - Virtual size: 12.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f6881bfba0f46290564a7bfbf369f4c

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: - Virtual size: 667KB

.rdata Size: - Virtual size: 6.9MB

.data Size: - Virtual size: 293KB

.vmp0 Size: - Virtual size: 4.1MB

.vmp1 Size: 4KB - Virtual size: 2KB

.vmp2 Size: 12.8MB - Virtual size: 12.8MB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: - Virtual size: 667KB

.rdata
Size: - Virtual size: 6.9MB

.data
Size: - Virtual size: 293KB

.vmp0
Size: - Virtual size: 4.1MB

.vmp1
Size: 4KB - Virtual size: 2KB

.vmp2
Size: 12.8MB - Virtual size: 12.8MB

.rsrc
Size: 20KB - Virtual size: 19KB