b7df7f0045298aa7b29bca6405dabe91

Sharing

Copy URL

Twitter E-mail

General

Target

b7df7f0045298aa7b29bca6405dabe91
Size

552KB
MD5

b7df7f0045298aa7b29bca6405dabe91
SHA1

c3d6c332aa9fe6f005560887ff8e33c1593335e8
SHA256

d2d00fe95d547953279e8f9100d42df9f5c2b85ab1fcafec7047263d3bb7e1e8
SHA512

d2da8260c436e2248130afdaa0dcd0c49f307e882f58d4d3b7bc56e29c64d1641fabd9eddfbea9ef37d1e6fdfb183516742bf12c5d162fb68e395a9e7ed3076c
SSDEEP

12288:nEF9CyKFzck45LzfBLZywxFVAnDTBpj3tucuyEFNXSgyL0UFK:nETsV453BLIYKDTHjdQFNigy4KK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7df7f0045298aa7b29bca6405dabe91

Files

b7df7f0045298aa7b29bca6405dabe91
.exe windows:4 windows x86 arch:x86

4108466851d273ee594a25949164b3a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

OpenClipboard
MessageBoxA

gdi32

SetStretchBltMode

winmm

midiStreamRestart

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

OleUninitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

recv

comdlg32

GetFileTitleA

Exports

Exports

�oʰ\)��M�c]G�A��v��7�Lu�sq>�#n:&s��Ɔ�G��z��' E��q��3-�,��ݿ��no��l 5O��oo��X�̣͘q{_q��Q�� k �ѫ�C(v;~:�-]�hU<Ќ��n1W/sC��TjZqPk��1S�U�8W5dm��%g{*�n��M��$�!2��a��<��y��m�n��c��QZ��M)�N��F b9y ��n��=YJ�I��#��^g��k�h�A��D ��0�3��o��'h��2�7��;��g_��>f��hZ� ��VxW��ۊ�g)m��:.��1.H �W~�|��HS$k��*��'��-U��M��)��Ms�BRrR�D@��qV�9&98�/v�aL&��/ ��N�N�B��ʲ��E.��Y嘬�� 4Mw[��-�z��9}�+�مwKrI_��j��Ϊ�҉��K�#po��R��\�M7[�z��'[�hn��I)��yT��:� ��;q�_q�y��±j9Nq�I�Ub�$I��)��B��8��w��pp��L��,�I� 1��ѭs�2�:��^�Y��_�˜�.bA��i��֊��ד�=��JK��凃��u'��|�s^�8��:鶞�u0Hԧ�~$n��3�!��=��-Rn��BQ/��`�^�a�e��N�X?��/H*4>�k�Fʧ� -vd�L��b'Ɏ��0p-�ש+��cW��iG ?t�� F� ��Q��,^?��;;��B݇�b�0�/��~$s��hx:92i֬�8j�:�n ��ԘhI�5$�8� �q��=��$v6 ��V�"8�$oÐ??�X�O�*.�C��b:��lv�>q��{AI<�8u��]��[d�Փo/��x�Ǳ��}3&��KZ�~�wJ +_��R��Iѐt�q ��z6�kV�!�x��_��r��r`劶4�2�¯r*�� %��s�E��{ࠈV��ؔ�Қs�kZ�ś��/A�G��e��Mx֫J��ʟT0T~�%.8�TK��`I�S�E�Śsy��.�0�Iƛ��#F�yǋH��}ֲ��\��;��<pD�w��N;�MF�%D�J�SV�\x�k'�&A�@��浏�8�ڜ5x�y�k�`��G�Sb�� PiX�u�/��e�'ѿ�� O�,�4,�4)�_�pT��DK� �ԑS�E� ��>��N,R��;1m��뎕Ѻ�]rBCq��m�� x��c�� Y��iJ��|�C6�jO�v?�E��Z�M�!�/w��}��o�f\ δ��ކI��c4K�+L=��d��u�� K�r��qP��ޏ͙�r)�� H��cY�Ȭ��u6� g�>��P�^�A��"`Y��[u=em��͆Ye��M�� R�U37�z��3�w^+�B�<_�UE�k2��Q��]�:��BwIs�ii ��w��F�ڇo�e��k�;�\{��|��}~$,�`+.$��A�Q��GK�c?��[|�b>��W�y3Pr�G��"?9X�]��:(��1��J��Q��v��m��4_4O]ۛ�[�C�P2�o��?=Ē��Չړ{CD ��H�A3'&�@�"��:5a�:�M�t��*��Za}�(��}�K�'P�#`Zs^��EDA��pҭDi��T2��^Cѐ��%ȯͷ`��dY-�A.[�q*��?��$�>vYP*WnB��#��?��`��r��y�x� &�-��k��=y�C*�R��=�2m�#m�L]�E��\�v� �M�x$�M�%��)��)3�z9�S��!��@t*� �7B�g``��`#��V�jٹ��XB6� ';g ��a�~m�+�i�қ\�FS�li��c��u��J��_xԚ�۫�*�%��<�S],�Y�P�y��_r��ɁV��b� ��8�i�G��=�<��h�@�g�l�O�?��%��~�pk3�e�̿�q�o�]B�G��}zO�E��44�rm�m57gs-'��t�0h��kM:�я�w[υ:�F�sl!v��H�u��m��HUk�1�D��ج��AHB�S��h�.Dt�s��w�t5�ۺ�\�A��*=H��%\�޽ �<��x:|�:8��,�s��O`�л��eg��-6|P�ð� ң'[e�>@�k��#�<��h��Cǁ��\�i�I�آ��.�>p�N�q�z��7�0��S>�m�z�|�D�I�?a{I��!��ZJ^�2�&f�YU= .��`ty�;k0�p�0��ukI�T��We?�3,aW�Y�ִI-)��_2^́s;O��ǅg�ۙ{�L7\^ȋV;�e��\��$Ӓ "�/Пl��7WU�Rx`��n� �Q�S�Z�#�n5<�Rѹ1��N�7u~�O��o�vcR�|��rYc�H�W)2�9��U�8t�� 3�^�Ygp�o�]y-:��y�D��f��ʠ�V��wc �٤EU� �Q��j[�YoVL+^��X3�|�C1!:��q��BT�o�� XG��yBJº\[BRu�8$ȧ�!8D"\��ה�B��O��ýQ�e�`��-Uн��}�-�ک�� {ԫ�� D��<�߁��ӹ�%\ �}R,� ��\R�G��:[�e��r�oRk�v��Й5L3��/�v�W6t8[��=�k#!D.�F"/�lEEp�=�C�R��Y��ZHO��)��u�m�;�y�8m�O�!<5y��E�J)p8�n��D��[9C�G�(��wD��W��X�Kk��

Sections

.text
Size: - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4108466851d273ee594a25949164b3a0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 520KB

.rdata Size: - Virtual size: 118KB

.data Size: - Virtual size: 121KB

.rsrc Size: 16KB - Virtual size: 28KB

.vmp0 Size: - Virtual size: 155KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 524KB - Virtual size: 523KB

.reloc Size: 4KB - Virtual size: 192B

.text
Size: - Virtual size: 520KB

.rdata
Size: - Virtual size: 118KB

.data
Size: - Virtual size: 121KB

.rsrc
Size: 16KB - Virtual size: 28KB

.vmp0
Size: - Virtual size: 155KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 524KB - Virtual size: 523KB

.reloc
Size: 4KB - Virtual size: 192B