ae2578d7c309a08572f3bdd93afef0f0

Sharing

Copy URL Twitter E-mail

General

Target

ae2578d7c309a08572f3bdd93afef0f0
Size

128KB
MD5

ae2578d7c309a08572f3bdd93afef0f0
SHA1

c9fbba21e2004f912e7da6ce3bd1d4d67dedcdff
SHA256

e7034c94b290cca65b6754231bd80890f0cce78aee9c5549dbdd26f0cc4ecc95
SHA512

3050b99f2ad709361a830483d54876fc94851577695692d15a5ed1b8a2a3c198e2ea502340bfc24a717db2caf05a21f2cded73fac91c7435931f09bdb6f24c01
SSDEEP

3072:Hqhl8LaFOKJb711RUQyQfyrD4WAnJlYkF8a+07t5fAj:Hl+t711Rb1fyoWOJlY9Gq

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae2578d7c309a08572f3bdd93afef0f0

Files

ae2578d7c309a08572f3bdd93afef0f0
.exe windows:4 windows x86 arch:x86

d24669cc89e054bf8e58f33ab2990870

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

SendMessageA
MessageBoxA

shell32

ShellExecuteA

mfc42

ord1949

msvcrt

__getmainargs

comctl32

InitCommonControlsEx

msvcp60

?fail@ios_base@std@@QBE_NXZ

Exports

Exports

�>��314;X�.'X�a��b��ɿ�I�Ț$��m}]Y��o��BΡ��h0�P�#��?�1��y�'�K��N�͛t u[��}7�A``�[�}�ZQ�q=��rS|kc��$[��I�/��K{��a�T��ʿc�2�5�n&Z\-�H)߁SW��Ý@�u��Y��$��ӹW�EϸW�p-nB��8�9��ݪEw��fK�� ȸZ��}3Q��Y3߯��1�/��<gϑ؃�#V�v&��Ճ5Z�4 b1$yyT�m�qlh)�6<��4N�/��1��׃"4xd��.n��LFָe�;�Hk�U=�b�̎܏ܚ�,f "�2G��.�Ǳ?��^;�\��ymtÑ��[�^�r`)g�T��VeE�A|O/��}]3�)-��@�_F�_��r&/�N�b�b��E��R��E�O��P��(��pB]?G��1aOK%�;i�ɕ�s��z��"�J�k-Rǹ�|�g��x�!X��"�e�e҆[��@��7eQ!�W��(�$��w��2љŦ��۽$[��W��r��!/�{��wDϬ � ,,�% ��l�$Daڪ��ŭ9�9 B/Õ2��#�+e��B�B�7jQ��"7��d��4��v�(��v�.��SX�Ky4O6"�ǃ��ś u��Yz�5��U ��q��ut{��h'��$I��;�cR�R��mj�#Q�;��|A��4Iف�o�>he� x��Z1�w��.V� tl��o��ʕ��!��P��pƩ�%itPx�\��)ܲ��1� Yt�3w�S��oE�}qUF��*s%��o�pVE�F�%2��U��M ��dA8vj��D�g��|��u�g�c쾧r��ѐ��/��_ �1�?�gb�� '��.��{3@{H��ҋsz��;%+�x�ًج�8Ou�0�A׼��RL��T�^Q@�X�� {�1�<��/�ʁ3��e�3#v��Ɯ��T �Gw��_Cu-��z��,�$d�"��<e{Y�-�Wv/X��8��.��+h̔��g ��Y]P,iP�*�Md�m��[��p73�>xW�da"^g��G�Gˉ��aL�г�;+w8�&R��i%�MP��)� �lN�޷R�6��OV ��~@�G�]{�i�8�^�4:��(`Ӵ��$�� s�8Ӥ2��"��0��{�G6��h�4H��qF�]y_�)��+��^+Sq�]m)��j��"7�� ?N=�ΕG��(��FC��v|<~03�DkWuU^L+԰nT��H�3��T�G��4�rXa?H�<�۠�K�U��C8�ŋ ��[n��3��K4BӒW�p�n�_O"��lcw&��(#-.��!��H�� "��A��.�ۜV��Ѭ�d;�� r.�d�{\O�5��6�R�;4tF��pz�/�Q��La��QɰV`��&8ӵ�Ȭ��B�+p;K��x�R,�R�j�`��V��J�A�I�Y�dK��'�ҍ��:�̛ q~Z��RӅF ��E�/2k�:��f��jOG��c94s�)JU�AK}!��M�?��C��C �f��J֬{� )��z��7��!;Yͥ�n�?�O��U��~�/�9ǽ��^��K�+HKo�܍9��&bf��q��9#z��zK��N��V֬f�X�o�.�q͡�g�*�e8��4�I��W¢NfJA�*�i~7�y a��x�J��a(��s�`��{��VP��8��H��&�nO��1 ,�o�Ӈ�I��Ƴ�Ƌ��B4�/�:mA^D�MW��R,��x@Ծ��m�>jn�O�۰\w��t"0S��:딇OkC�aU9��PLJӟ�LM�J ��YgQsIXj��p�]9�9��A�m��W��ۦ��V6��䉊 ��b�b�n�^}�s41��uBKW�}x��`�hAԪ�s��Eg�w��B�(l.�8��K9Y^�yy �M�L�Dp��kf\ւ�lh< )=)��@y_"��@�g)p�<E@�i@�4�P*��3[�b�e��l~�:0��={ "b�ȅ�I8plE��>A��x��D|$J��٥Bbl��yf�04�]��)��@C�+��{Œ ER2�E��BX�<�c7�#}b��B�F��b�|]��<��p�g�E��h�f�8�7��iC?��C!��E��]��:� ��#~ـ��Ǟ�B��:�gs.�թL�݀�-�>x{�6��L ��i߆��1�J��S��F�/�Z��(�&�eITR��!�g�y=/�~��?!�R�ӶQ��t=��D�+ĵv|b�[C�-+ ,�n %X��h��d{��H��jW��>��-�b;9A{�΍Vu��%:�P��ulu�.]�8Tq��s��O!� Y�"5�HR.mE��^vX�|C�5�>a��r��w�#R�,�0k%F)�N�+,�#�t>�f(��7}�l� �w&�t�?��-a5�U��Z�J��HT<fZ�3Y'��~/}�q�2-l�4�L8�ߧJ��.��)��\__HoD��q�m>��6}��䀐V�,H|�l��1��$`��u�u��3M�4�8s ��!�Ҟ^dwON��VkF�~c��!{�^G��|X�6Q��n��_1�p��C��MW;w�*,H?�{F[�� (l5ҷV�f5s��|Ub�1�q<��!� 7�c5�2C׺C��8`:��Ņ�c1��@o=Ի�&F��ئ�6��'ã��r�}��n� ��mlY��g�9v�!�+P4�/yr��R6�#�� s�L�K�f旁s�:��=��M(�J��o|[zMxkI�鄦v��b

Sections

.text
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d24669cc89e054bf8e58f33ab2990870

Headers

File Characteristics

Imports

kernel32

user32

shell32

mfc42

msvcrt

comctl32

msvcp60

Exports

Exports

Sections

.text Size: - Virtual size: 13KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 14KB

.vmp0 Size: - Virtual size: 44KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 108KB - Virtual size: 107KB

.reloc Size: 4KB - Virtual size: 116B

.text
Size: - Virtual size: 13KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 14KB

.vmp0
Size: - Virtual size: 44KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 108KB - Virtual size: 107KB

.reloc
Size: 4KB - Virtual size: 116B