edcd86551c2bcff8b8de03fd82f27cf5[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

edcd86551c2bcff8b8de03fd82f27cf5.bin
Size

6.2MB
MD5

edcd86551c2bcff8b8de03fd82f27cf5
SHA1

a42c6907792b2b334fab6e53b580f5500833ea83
SHA256

a0bbbfd46790fa674ca606fda05dc4501cabd927da3697bfb2ea270aa6e79cea
SHA512

a034711c413b417178f366cfa0a2e3450b16956fc9f935661938b70c49d69373cd234299d4fd612dd622db7d44314101349cee799d6dcb1b4f456e6b73960ab4
SSDEEP

196608:dKHoLkWzO3MoteSn6AITRxdmLnU4rqFbSrmgfp5R76Ga:tLkKoom6ACdyUmqlSbl76G

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edcd86551c2bcff8b8de03fd82f27cf5.bin

Files

edcd86551c2bcff8b8de03fd82f27cf5.bin
.exe windows:5 windows x86 arch:x86

1c3089afeecd11feebb05bc59eea335a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

ShellExecuteA

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

%�͕��(�� z�tU��b(*�1[fW�3��6{<e��,�Z�\��0F�s ��>Sܛ�X$�~%�O]�H�O��̈��)VS*�իU!Sd��C��Z�.��j�h)ŉ��M��E�T�#��a��?J��2�U��x� %�.C��y��85��QiH��ʹ��c��h��2>��)$��l��Zƀ{i��\UA�z^��v8Ր�3$��Ҵ��z�t@Q�]�o0Q�s��<�rG��~rӝ��c��z-�g�G��e@C�jsK,BM�Zdi5)��,�`��"v�j�r��B]�qgnƾ��ν��w1�jk�qui�0/|D��H�v��t�̖v7?²��I@��< ��`Bܟ\�RHu�f��"W#(�N��s�֕14�_�>�t �}��#\ 3��\2�LS�lkf�V��z+��z�֗]�V��M�x�^�ϵp��j��Q.o#��!�/��o�\Q G�!��y7د��c��DOs�F�R �^��! �~^v�M�@��!sG ��h��݇Xu+��%�?k��;�f/��.գ��T��K��N�f�5��#%��Z3jޓݝ7�ܼ��8@�P�2=��r<-��-�� pG�eC�*��|�p1(lQ�!�w�᥶��;w$6�oߍ�'�)޹%n+�r��(��E�� v�DW#��ܦ1�s�L_��J(�G6<*�V�-�fr��=��ʷ��t��<�3bw�G`��?�n�7 x�s�A�d��7��0cɇ�p�磾%�'0v� ��p�*5싈U��>VP�YE��YZEf�S�F[5�t�۸\��U�ƃ��U|2��F�9g�, �u;��%2�E��N�9rwǜ_k�g��5��.��V\�Ix}gz�.��+o�ck�5�0R�>�'\1]�"QD\�J��´��uL�v�[�{�r0&Û�e��'��Ω~+�%ql�/��>�&��"R-��yn ��1u��/�lK��_�>Cb��6xe�r�ie/D�S�B�r�~�"��V�� 77��g`��Kp/'��FfKF��7�4��'@nID)�A�H2�_�F�M��ܞ�<��<#��@��vt|"�~{��F��}a�m��S��}��ʚ��Vڽn�3Ҿs Y�-.��1��!��~݅9BFw3�`X}�/MR��?��2�Dբ�E��yIk�W#a�[1Q��C��.#�l~P풿�V�X��g6�t��t�ϥDqL��.cg��E$Y��ݑ��sf�˻d6�.��h�g�h�9��WjGbpS�6�Ov&Y��!H8o?��G��{�8F�lT�B:3]�\� >M�r]kV��+��F��w :�+=��}qP��S��?��3;�`��9Cͥ�e�Je�H�j%��39��? "�&��/�;�xt� �3��B-��R��n��_�v �pwP�6!��7z��ϫν#m��yˏI��:C�A�� Qy0�O�T�f� 'm��M��jh�u)��H��0�#�v��b��0P�pD�ֵ0 4�LC��)��&PĎ�O5|�\��e9�C�@ˆ��;�>�}2i��m�;l4E��G`��m.͒ŧ�Y1 Ϟa�I$JmW&��$ȚA��W��.�g��4F�BH��tr�`�g�(�@��'\~�L( $j�A6ԜB�m�;"��jf[�+c��R]�T~�NY=�-�mh��'��7` Z�{�,�R�R��r�r�g��ĕ�p�Ӻu��r&��\�i3� �h��3ݩι5蘴vu�RX��xS�[�|y��m]dJ��l�P��`�`��d��׶<�\5�񧗺K�ti��B�}�=��T��=|]��V�h�`�\�"ui^��{\M�8��J}�5� $�V�M+2��]��hp��i��0Os��Mm��7�o�_�4ͱH֎E\��/:��L�]|��Y_|A�ƪ��i��O:�eh~�~�1��e��b��΀��jJ4��ˋ"Nw��r�u�[�J�+�h�\֛�<(2yǱ��1�3$9��#A��N �f��{�yé�� HȂp��#!�Ut�pܿ�I�'��]eD^^K�B�"ѳ&��K��1Â�/�U�a�ȱ��^�{��{�eI�>��b��+r,Wo��u��7�hiA��/�K��C��K'��n�j��9�M&);��͖��dTl��Y�Z��0g��"�9�m�V|e�A�<�:e{�t��E�I��]��|��kݬ+�s�*�[�čs�0o�A~��z��z.3� �~�%}�WzU]MD�bwV�M�<!%�a�-��B��x]��MmY��H�>��gn0L�s[[��e�6�f�\]�¡�s4�B�{S��Z�*��ko�}��ۅ�<��Lԡ#X{<W�y��G��[��>B�5�Cq+OL2�[_��uo��!��-Jc��zB`��@��J_ +�!�ch��qb�uu��;��b��?@�ߕ�b�h��B��1�Ƅ��w;��|v�NK��4� ��9�=/s�CJ��kcs+�;\��q�KL�e�^��l?�ccTAm�k�ȫ��q��h�(X*��a&��r~C`{��䶨�[Y��}��iG�b%�&͛�A",w��!�)�d��O'�'��+Ux�!cz�j��m�ܖ��m��ڶ��Y�y��V�sZI*��a�^|��TϪlE�+ ,��$��Q��xU'�@�=P�g�9�-��L��qE�u�\-7��v��٪9�O�%��C��4iGXx|k�q��)\?y[��+<Y��A�@��=��j̽�i��P!�n%��c�dH��Y�UX��.��&��t�]��

Sections

.text
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c3089afeecd11feebb05bc59eea335a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 30KB

.rdata Size: - Virtual size: 12KB

.data Size: - Virtual size: 6KB

.vmp0 Size: - Virtual size: 4.1MB

.vmp1 Size: 6.2MB - Virtual size: 6.2MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: - Virtual size: 30KB

.rdata
Size: - Virtual size: 12KB

.data
Size: - Virtual size: 6KB

.vmp0
Size: - Virtual size: 4.1MB

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB