bd7d1e0a203111916192ec1c671b6998

Sharing

Copy URL

Twitter E-mail

General

Target

bd7d1e0a203111916192ec1c671b6998
Size

1.6MB
MD5

bd7d1e0a203111916192ec1c671b6998
SHA1

1a24c81a1c4d42a4591c75f7a46a253d9cad4cec
SHA256

ed7cd15bf8ae6894d25588f18441d3e7c431b8aac6653e57b352d7b5535b0b56
SHA512

227d4a5ca4d08dc81120139adf75c6f87e2329c4a0f5055f0faec39a3dd845dff33dac154d327c67796cb27acfa6762666068568d0f95f847ae428e733a3111e
SSDEEP

49152:dHKlAdzwgIrkUYSE/kxzHzHm/pdN8IBt69844NQFfqO:dqCRJCHzHkpdKmJCRqO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd7d1e0a203111916192ec1c671b6998

Files

bd7d1e0a203111916192ec1c671b6998
.exe windows:4 windows x86 arch:x86

22ee8aacaf4f07006b8da5ed6eab68cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetFocus

kernel32

SetFilePointer
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comctl32

ord17

gdi32

SetBkColor

shell32

Shell_NotifyIconA

wsock32

closesocket

ws2_32

WSASocketA

shlwapi

StrDupA

ntdll

NtQuerySystemInformation

Exports

Exports

TF_��&��pfM[��EU��Q^��ڬ��k�Kx��s}��DC1�&ƍ D �o��^F]}�1�7�s��Fh��7W�� cP��+q�\��[�� aql��-O�N�@ml�{/��Y��Y�YE~ʧ̣�WB�অO+<މ��늭B�_�~��Y��꒟e-�"e\m��[p��Q&�)��A�^��4��V��T�K��M�~�@�b�Z�O��֥��6M�ՠ-|��*��rdj�-Qcn��ϔ��"u�(�3��B��Pf7�6|��p�a��xơ��2Ӿ_�tFoS�� 9��8Ne��/�M3{<��i��P�!�|��L�C�#��L�Ԟ顉 ��$65~8�eJ%��xc~'.��X��$@��z�/Se��ϙ��ö��6��B��@0��,F��mP.��:��Wu��d�UӸ��6>F4/Y��A�2`1_�L�� aW67+O� 6mcp�2[`K��6�.wb^��@d��h>2��\nNXbq_'�*߆�i*Чn��i�t�W�q�]��}�,�Vj=�cї__W-,�*��"��e��E�{RJW��<�eK�9��W%�e��P�@#�f��[�Ò��犆��H��t��A�ݐ-67��c�njׅ�}�=~H3[��H�u\�s��{)��r��KDnWsb{�#�cH��'0��7�>�.��u��Z!I��u᷀\4bi�� CI5!��@��C�s�Fu��Z�1��E��{ N�=��Y��,��!'��f��Vv�Y��}�Jm��<��/H�V1t� ��[Q�`m>��i��-y0�7-��^b�'|�^�;0��E輌�>��/=��g�(� sn�V`�M~H�Jgv9�{-�� :�Y:#<]�n��Z��-|��c�RHIUqBVu�x�u�&�RX7K�x��nj�t��?�)��>i2�T(5|_�#�S��= �+��/�pZq��n͎��c߅�}ۜN��ǲ��+#�r=��;:��U�q�13l(^9��Y^X�}�Y $w!y�� ?�׼��A"֚)��7��n/��d�F,�%f}Qj�M�YN�|L�p�I�l[�d��R�n9kL��ŗ��rWӟ��G �F0��Lwe��n�R��d��i�n��/G��isY�,pR8ʗE�z�K�6Jn`�e��-^J� YR��SX��ӌ<c��-ƌe��6��E��:n�y�#c�ǁ��3pGCI��4 a�|H�!��&Q�~��?�>kD��U�)�I+�3�]fG��hk��~�9�E�o�gt6S�Ga��:�`�K�,��{?�c�[+�Z��fB��J��p�PEF�y�?�K��;��E�� da��!bKSB��4z�4�!<&R�i�Wl~l��#@N2�8W�#|��X{M��$��m�߃DI,��m�E��#�e�Xe�nv1JY��'�Sٴ�,�v6��_ A(≊�z �[�f�D��S��]��eyn�k �TZ�PC�B�+�QA;ۏr'vq�,v�=�d��e��3�*K��0YRHZK�]��](#q��|��B�o�@3��\?Eј�IkH�sr�ڬ��,�1H�@)�ж(MD�L��5�8A�BG�'��ZF�8��$D��v�.W�<d)��dĖ�P��h�j!�M��$�C�(H��uD��Q��H ��(��d}C�C=# �Z8��#�8�2��j��t��I{r�~0��uf;#wm'(<��r6�^��2c$h��`�4��p�ch��m�ﻮ��{�i��@�D�R��I5c"�ύ�=�$��)��#p��lr�΃�) ��ڑ�Uo|��2g�Sb��*&E"�Sw�)��8t�!��8g��`��;�� 뮮 �,�$�'��B7̻e�K �{��5p��؏^t��r��HQ-��!Z��';�(}y��i�Cn�e�Y��w_�̟z�xa Dž��lP<�.8y��D9�-8�/�19e��5D-�y��G�E��3��d@�%��L��E��]�,$_�X�#^�M�q2�%_ͼ �dd�5��܎:�P�V��H��%�q{�7��o�fR�^�ͪ��Й��HG��cd�X*)��Ǘk7�B�k/!��AѰ��|�N��mt�z5S��,��a��{90�g�Y��D��C�W�a��O6��X�{My[�#��5 ��\~w�.E� ��ie�H*��{�ۭzּ`"�x峄�]��c��l��2dG��'�H>�i^��ŗI{�ô�̌��>��V �}0�-_o�;�o�Ɛҟ�6MT��Q�a�MrNjgڍ��+U�� J%��!x�l��k��w��Lj�T��4�]��'3��O#'~z ��%jB��f��H�7JX8�i��j��i��YOWو�]!A�L��RO�D�rR��d�懈��Bx�XZ��p��1�E��+ɠ��.��f�� S��@�[�@��>=�Ir��K��ryo��k��d#��ܧ�1F+�:��JÃ�|��<�݅�i�Oo/6r�]�0��X�6A�� P�]jp]{n_�Y��A.��b�i2)� Y|BN�>�C�N_��O��.�O%-�[�%)-#�'Z�E�q�v�53�ų��-��oM�p4��p��v�Y�մM�h��m�2_i�o�=��&r '��100إ%��Ta��Ov�7^W6 [�}e��d&�^��U�g��1��?�?�5��pq��U?X��1 ��Skcۦc�o��|y�wjh{��T�p� Q��q[�5�P��@)i{�v��d��q>��^hA��M�S��/+J$7

Sections

.text
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

22ee8aacaf4f07006b8da5ed6eab68cf

Headers

File Characteristics

Imports

user32

kernel32

comctl32

gdi32

shell32

wsock32

ws2_32

shlwapi

ntdll

Exports

Exports

Sections

.text Size: - Virtual size: 154KB

.rdata Size: - Virtual size: 5KB

.data Size: - Virtual size: 110KB

.vmp0 Size: - Virtual size: 1.4MB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: - Virtual size: 154KB

.rdata
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 110KB

.vmp0
Size: - Virtual size: 1.4MB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 16KB - Virtual size: 14KB