2296d2c4c0def170813bdf28c58e385d5f047a15f91fe46a32b6af637cbcdcf2

General

Target

2296d2c4c0def170813bdf28c58e385d5f047a15f91fe46a32b6af637cbcdcf2
Size

3.7MB
MD5

445f517abb1d9fbba39f246f874ffad4
SHA1

5ae74bcb34bc76879fc8a15e716acad66e3629a4
SHA256

2296d2c4c0def170813bdf28c58e385d5f047a15f91fe46a32b6af637cbcdcf2
SHA512

867703d605a67d6ad72ee7f92b42285bfa409035b77749097161611277b998f48f85914a5b2238b915e51a848ba9efc02ed37b078223ddd09115c899acb8ff96
SSDEEP

98304:ypuxOhnkR+NK/jlEGsfVN6O4I0eD3t29t4qIYmcArW:ypuxqxNK5EG2VN6NI0eDdgtjnArW

Score

10^/10

vmprotect

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2296d2c4c0def170813bdf28c58e385d5f047a15f91fe46a32b6af637cbcdcf2

Files

2296d2c4c0def170813bdf28c58e385d5f047a15f91fe46a32b6af637cbcdcf2
.exe windows:5 windows x86 arch:x86

a8c436d9a0e5e9875d8e3a40db9db0a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PostQuitMessage

gdi32

DeleteEnhMetaFile

msvcrt

_XcptFilter

comdlg32

PageSetupDlgW

advapi32

RegQueryValueExW

shell32

DragFinish

comctl32

CreateStatusWindowW

Sections

.text
Size: - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata2
Size: - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8c436d9a0e5e9875d8e3a40db9db0a8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

comdlg32

advapi32

shell32

comctl32

Sections

.text Size: - Virtual size: 206KB

.rdata2 Size: - Virtual size: 100B

.rdata Size: - Virtual size: 772B

.data Size: - Virtual size: 5KB

.vmp0 Size: - Virtual size: 1.6MB

.vmp1 Size: 1KB - Virtual size: 1KB

.vmp2 Size: 3.7MB - Virtual size: 3.7MB

.rsrc Size: 1024B - Virtual size: 576B

.text
Size: - Virtual size: 206KB

.rdata2
Size: - Virtual size: 100B

.rdata
Size: - Virtual size: 772B

.data
Size: - Virtual size: 5KB

.vmp0
Size: - Virtual size: 1.6MB

.vmp1
Size: 1KB - Virtual size: 1KB

.vmp2
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 1024B - Virtual size: 576B