a3733ee369a97168d627b961426c26116d450a4a5f4aa5aa755753e0f93b4e1f

Sharing

Copy URL Twitter E-mail

General

Target

a3733ee369a97168d627b961426c26116d450a4a5f4aa5aa755753e0f93b4e1f
Size

2.7MB
MD5

5e42722cbd9c69741acbe9f8d6f3af6c
SHA1

5dd8d5f28e06186cfcf7770cd5d9bc508e6c9525
SHA256

a3733ee369a97168d627b961426c26116d450a4a5f4aa5aa755753e0f93b4e1f
SHA512

db19d86f2f69c4f63b17daf4318140595c9b6e1f1ac287b19d34130697dca6f225a3aedce6b90a2ab4bd4d1069b87deea53f4def81ed2fcab29c5cf96dfdb867
SSDEEP

49152:oewPNXdRdGGgAlN7DuhV+JCqCzEwZsRqy7gq+z0rLt2E:oekXdtL7jMqCA17gfqk

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3733ee369a97168d627b961426c26116d450a4a5f4aa5aa755753e0f93b4e1f

Files

a3733ee369a97168d627b961426c26116d450a4a5f4aa5aa755753e0f93b4e1f
.exe windows:4 windows x86 arch:x86

72e0ac121083a140d9bdf2c2b6f208b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamProperty

ws2_32

getpeername

kernel32

GetVersionExA
GetVersion
TlsAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetActiveWindow

gdi32

GetTextColor

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyA

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72e0ac121083a140d9bdf2c2b6f208b7

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Sections

.text Size: - Virtual size: 876KB

.rdata Size: - Virtual size: 1.3MB

.data Size: - Virtual size: 350KB

.vmp0 Size: - Virtual size: 1.9MB

.vmp1 Size: 2.6MB - Virtual size: 2.6MB

.rsrc Size: 64KB - Virtual size: 77KB

.text
Size: - Virtual size: 876KB

.rdata
Size: - Virtual size: 1.3MB

.data
Size: - Virtual size: 350KB

.vmp0
Size: - Virtual size: 1.9MB

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

.rsrc
Size: 64KB - Virtual size: 77KB