799b515f02c866824df615d4b354d90e

Sharing

Copy URL

Twitter E-mail

General

Target

799b515f02c866824df615d4b354d90e
Size

92KB
MD5

799b515f02c866824df615d4b354d90e
SHA1

994ddfbf0620c71aa648dbf2d7f9e585688877ee
SHA256

4943c285be23b25e338ecb3b9b0d5d8ea2b2eb2e0bbf7392e1618086b3c71f90
SHA512

fde7bb11719008b76b2383bc3259ee1b857488af1b63cfe84ea93286df68f5b93e204dfe689bb16f6ae5dbca9bd7d5bc2cdd79cd6d545c2b4b6f685d2b3ee142
SSDEEP

1536:X1tbfjOTA92JGOrDPJ9OifW1kaNuOVQRZlAq6vFXnEu8koSFc:X1VL52JGOrDBU1DNpsyg/BSu

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
799b515f02c866824df615d4b354d90e

Files

799b515f02c866824df615d4b354d90e
.dll windows:4 windows x86 arch:x86

0098e55d8e1b4791acfc07267a07d42e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
MessageBoxA

d3dx9_37

D3DXCreateTextureFromFileInMemory

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z

msvcrt

_ftol

Exports

Exports

Direct3DCreate9
�~9�c�=a��͵��(�0��7�"�Zӯ��..��+V�xn��ǽ��p/&`C�S��Bv��D�N�� Ć_��)�Bu��"�:��]�@XY�C �*h�V2�7:?��oە4�0z�1�8�n��P�O��L��`�r��^�%9y��I�в�.f��}:-�m<��ҍ(��57�s��e?"��?��(f�JK��DU��0fsd�S��[�|!Mr�W�r��ܗ�j_3�)�N��ʪm��9�9WIc;�U�}�<��z�#��UV�Ȁ-H��O��O�D�e��w"�pt�B�~��o�X`zJ��m|�荖=�}5oM��=��C��i"��q$Y=ey�S�$��ãe�(OA�}lX�8l�;hFXM�a��L�+��0�0��ҽ�lN_�D�P6��g�3֭Ä��=2@s�c�Ns@Sz�JQ�c�{�w��TE��.��Ma��d�쀆��E�!K��*C��.�k20SK�u�I��ZG�0�s��k��`�Y��2��<bY9��M��C��:0R/�p�蒄��g[�&rk*��{�G��l9l\�("m�$~$��i��1*��GMÐ�(>嶾@�2ȋ��_��Z��o�*� WW��Qaج��j��?�҃Y�`�0�ԣSj&"��@��6�N�H��+˚�UU�S�co��H 8X��y>�@+��%�a22Y ��N�aA11�/ks�d��!�D�x��j 3�~�t�� po��D��1�pyއ'��z��đO� � ��H��|f�&��h�)B�k��Ҡ�;�V`l�vloG�` �+�V��>�0��_}6\.�d��OŊ'j�� MU�޲`��G"G�+�gl;(�]ߊT87��C� ��oBJ<��A�F�P(��Wy�С��q��q�ۧU�N̠�K/�g�;�^�&/�*L:�ޝ�,E��"'BQ�jp fҴ1j�^�m��Ď��;f:�B��r��s||<e��b<�:�8-��׋Ȭ�<K�̅��?�Y��4�\��~�G�8��[3�qW�)3B@l�hFn�R|��s#��jN�@2r�Q��h��}��o�Y��71 P-�-j��9#�P��@]�� 4�T�8��(NZ�aJfr'��~�0��D��+�� A��)*;�8[��/�n�tp��F��/�b��I��)?��Y=0�<hňZ�F��cv`S�N��=��s<o�r��QZY�FCK�h�W杺��&ǎ:��8�.��7]*{Zؤ�ux�葀�lf�5�� ]�� `�Nh#0��e�̓�5�y0�uiO�@�P��kt��˗2yC��3p��Lz�ܯ��I�*� �e�/v�O��(�ՔN1C��F/e�c��(�H�s�;İ hp��젉�vwS {2,��1�V�*�UsD��K� V��qæ��#� �(�\B�:u�w��H��RJ��|�G��G�� %�p�o�\��@�8�6P@S��zei��{��cR�<�6�R�}:��,�O��S�/b�;ol��%]/UҶk��W�ȔC��$�]��_4��e0��M�:�ں�kÚ�p��M��(��uD�_Z]��NTggcQ��j�'=o�5a��(ϝ�r�jt{lE�W�Ë��X/��ண� ��(b��'P��e��RA��T�*��.+zF��3��`�J�P��I:a-I��KQeo7I�?L�H6wl�5�8��,��<#��ߍ,J�1�K{Z'B�0�l6��.��Fmh�a=�`"f�f~ڰ��I�eB��M�&P-��u`bh��`��͑�3I�=�W��8��٘�$��m[ad>��E�P-@0�e.��»~|"�5��[�� " �}Rn�<N27n�Le�U%�XV��9)��ɯF��!F�]��<Śh��r�D��R�M_ w��`�O�� ̺y�B;�:�0�/;:C3j3��w�9:�]4��hN�=�Q^σ�5��9:�~o�-:b��f�E��a5��v�mھ�z�h�b�y� 0��B��ٯ��)�[��B��D��:��[�M4��9��}Bx�5��uYd̞��R۝@�6�x��n��6�V�V�7�zi��Q��jLo��G�V��<R��'�n؃��*Gx��UO�s��eج�ވ 8)�>��Ƹ�J��.��#��>�׵u|��v�B��Us]0�K��|�5��?LT�q^�P�y/w٫�w��|�w�2��Z�j.��+ &��.wx�R00k��g��;�I�3Q�L)��ߞ� ��Y�Qp�_��|fV�p=�&/��4��A])��<5�e [Z[i��B 1�?ibɹA��r!(��G�h�� ܹ��,��<>��-"DD��]N�Dr~�W��]W��!5JG2��M��Ra�C B�7��S�;�=��}sW� �\��Ѕ��Y�fgF�C� w.[4��X͒�љŵv�u8�ClV:�~1G��:C4i��d~�Fn��+��佣n��@ �)ȠS[��zV�c��iO��^��9^�� o�U,/��Cm��t��RzVM�bP��,�vX�od!�Q�`2��ϡ�=��x�+��O{D�8{��r��,��3��"7i��5x��Ȝ�Nd ��;�4h��\�cH�b�8]� �� i�W��MT嗦�/��b�܎��Dv��yRǖz��Ȝ�ҳ9[3��,&K� �;��6�J?��;��7.KY��Vj� � ��x\��+�m��f �F��s�P��,ϫ9Zk�X�G�ߟ�X�/��fL��6팰c��&ޠ\ޟ�� TCn��NJ��

Sections

.text
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0098e55d8e1b4791acfc07267a07d42e

Headers

File Characteristics

Imports

kernel32

user32

d3dx9_37

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: - Virtual size: 10KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 996B

.vmp0 Size: - Virtual size: 1KB

.vmp1 Size: - Virtual size: 25KB

.tls Size: 4KB - Virtual size: 24B

.vmp2 Size: 80KB - Virtual size: 76KB

.reloc Size: 4KB - Virtual size: 200B

.text
Size: - Virtual size: 10KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 996B

.vmp0
Size: - Virtual size: 1KB

.vmp1
Size: - Virtual size: 25KB

.tls
Size: 4KB - Virtual size: 24B

.vmp2
Size: 80KB - Virtual size: 76KB

.reloc
Size: 4KB - Virtual size: 200B