b211c08cf3a7f5f5711367addaa868a36f3a3b848b22331a86b379cd748271ad

Sharing

Copy URL

Twitter E-mail

General

Target

b211c08cf3a7f5f5711367addaa868a36f3a3b848b22331a86b379cd748271ad
Size

3.7MB
MD5

c199e985dbbec6c53f8c8539050aea30
SHA1

7b8580f8bb722d69409aaacd512b133f42a68c6f
SHA256

b211c08cf3a7f5f5711367addaa868a36f3a3b848b22331a86b379cd748271ad
SHA512

de5475c650d37a59b37dcbba580fd90ff0d4a3b1c995d8d69dfb0678645114f54738e4d4e5ed21ac75d1b99f08eb395146e2a9675c82f9ab124694984821f77d
SSDEEP

49152:31akMEEnoAXaLetR9wLm7dEgHghWvU+H/TfgKfiKXHoFcI13+mr2LFIIp:QkMEEULetUm6hhMTgfUoz13x2GIp

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b211c08cf3a7f5f5711367addaa868a36f3a3b848b22331a86b379cd748271ad

Files

b211c08cf3a7f5f5711367addaa868a36f3a3b848b22331a86b379cd748271ad
.exe windows:5 windows x86 arch:x86

2ce754589ac0137445d43e2543fbf9aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

LoadIconA

msvcrt

_controlfp

advapi32

RegOpenKeyA

Sections

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata52
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata51
Size: - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata5
Size: - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ggg9
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ggg8
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ggg7
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ggg6
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ce754589ac0137445d43e2543fbf9aa

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

advapi32

Sections

.data Size: - Virtual size: 2KB

.rdata52 Size: - Virtual size: 30KB

.rdata51 Size: - Virtual size: 1000B

.rdata5 Size: - Virtual size: 219KB

.text Size: - Virtual size: 3KB

ggg9 Size: - Virtual size: 1KB

ggg8 Size: - Virtual size: 1KB

ggg7 Size: - Virtual size: 1KB

ggg6 Size: - Virtual size: 2KB

.vmp0 Size: - Virtual size: 1.6MB

.vmp1 Size: 1024B - Virtual size: 616B

.vmp2 Size: 3.7MB - Virtual size: 3.7MB

.rsrc Size: 49KB - Virtual size: 48KB

.data
Size: - Virtual size: 2KB

.rdata52
Size: - Virtual size: 30KB

.rdata51
Size: - Virtual size: 1000B

.rdata5
Size: - Virtual size: 219KB

.text
Size: - Virtual size: 3KB

ggg9
Size: - Virtual size: 1KB

ggg8
Size: - Virtual size: 1KB

ggg7
Size: - Virtual size: 1KB

ggg6
Size: - Virtual size: 2KB

.vmp0
Size: - Virtual size: 1.6MB

.vmp1
Size: 1024B - Virtual size: 616B

.vmp2
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 49KB - Virtual size: 48KB