90c45e3c2c1bb65b5e69757ab88c3452bb145718641b7e4741fbc216a1590665

Sharing

Copy URL Twitter E-mail

General

Target

90c45e3c2c1bb65b5e69757ab88c3452bb145718641b7e4741fbc216a1590665
Size

4.0MB
MD5

cb7eb2bb7b50bb0403c99c2fc137cad3
SHA1

ff65f1c772e4d75a623dad2692b46358faa7f8a1
SHA256

90c45e3c2c1bb65b5e69757ab88c3452bb145718641b7e4741fbc216a1590665
SHA512

2a6db6ee23aa854064b103fa2992e1874473be34b5a5c12f26c3f8368b8e9e1bc3e76fe4592f68d83a1b1f0ec22f5daffe5f7d15a4ab6482925029e4b923384f
SSDEEP

98304:qFruS7/0Kj67kOwjAfjjg/hg/1uCPU4teo3ESRWwFLMS/iVFgMa/:EruSYKj67VwjAfHchK1uYU4vRWweSKV0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90c45e3c2c1bb65b5e69757ab88c3452bb145718641b7e4741fbc216a1590665

Files

90c45e3c2c1bb65b5e69757ab88c3452bb145718641b7e4741fbc216a1590665
.exe windows:5 windows x86 arch:x86

688d93b2fbbc271bfffd8c8eefff6140

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoA

kernel32

SetLastError
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ShowWindow

comdlg32

GetOpenFileNameA

advapi32

InitializeSecurityDescriptor

ole32

CoInitialize

Exports

Exports

��X��AI��!�(D�J��ݛw=?��oU�hw\65}��}C ;�m��E}��n�"=n�̵��[�L��>J6�<�jg�ڃ��j$��<��!��k�2>�c��)/~Z⇋�"X�0ݛ)Y�mZ�}j�A�f��a�K�u��{+咮3~�c��O�P�=C��k �%�r]��ύ�r��b��:��@��~bȽƐ^~��K��Jp�b�K�-��SM��X��9�� yf��X�sp3�6�pc�C�=4D��Eb�58�uq��7��B�hɋ|D5�T�Z��p&��]ɉ<��ᴌ��N1�Z�&�TCo��D��߻\��"� c�2�H�� ۞��M��p\��6s��?�{⼖ ��K٨)��[�#��/��7=H`�l�ciD[l1��Y?N�I:�i��N�ɭ��h�j�zvN�D'_��u��%��υ�g �vh@B�~�>�\��@��6�MqG��?Qo,��O��Ù*֋W�\�b��?�e�� 5䟜��y䎊��Sn &��c�c�5q��1��L<s��e.k�p��%dF�V�D��| (>M��"��*da-�oi�r�ӸU�z��{f�o$.�kWE�x��Oh��{��e�|}�'��O�-��u�*{��V�y��RY�.)��ޙ�8��)`��w��V��fM�s�S�k��E:k��W�.�A�:��b��}��c2r� �q4vN�W�CY�a@�:��ޖ6hD�� #�?�] u�^��l�L��Z��1��S�e��4��s��D6�iɎ��h,�L��Z�[إ�-�-�r&Nv.��m5��_'s��1��ϔ��R⿔�.��v--�cm8��=��|��{��Å�V�; �W��y3"��M�_,��̿��7u�ϟ V�n��d")qަ��m��$��F��Bx��p� ��ʪ� j.+�ܯ�^f�H$h�[\gm俪h8l4�M��ȑL�֏��ݥ�T,��F+q�:��n�ՈH7��M�B�%��c@`��hٿ��]7��U��P��qG!�L詞�qK�u 3|�#�tI�� [a�*�b��姹i��,U�w�!�3��2G+t\2�`�K��6��n?�iƊF��2�C�`��G� ��nZ�^�h1&��'��f��n�c[�k��`~nрؠK�|�Ή��.��;��&��m�W��;��l��:�v*��8�B�� ݣ{u��I��m��/pAV{��.`��6�|��sc! ,U�pYl�sގB�1{�d�z,8��L�N�`��U(�%.!��X��ؑ��jw�pE�KnB:w��P�J9h��8�2�+�dr뎧�G��|w��7EP��un̹�o�~�~0h�8�Lɬ�bpNk�D�o5݅�a�%��X9&g:��۞��$n��a��a��4�Mt��%��q��c�U��f� Zٿy�灢�a{�=o�2H��ن�K�T_�6*&�Dv�7x� �{�>;��i��#�o�IIa��y?��Fq�5�2ӿ:��;��]E�`9#�N��C5�� N:fc�0�e�*H�a^��d<�@�}WN3� �� Y��I_N�i�fհw�2�R�l��W�!@̦�h�``��4��k��?��zL�$2iKc��A��[L(-͍�U0 ��k�Q� >"��U�Jw�l��ǚ�z*E�� c@��tr�lΤ�<�p�>��j��k�o��\ �Ìi��&�Ĉ�Nd�B��D��v��c�*��LY�C��˲u�az��爮WvԂ5|`��%�yd�$��ӷ�b-��o*Y��&��r��:,��/f0ʤ=�s��kF�.�&��@�َ��̀F��I�<�u��Wm{��?c�� 2��߼��iIt�Bw�О�!�!X�Fۅ�[�M��c��՛��Ϡ8�_�_�O��P��Jk�(��NfW!�&�!�#y@��L��IG�-q��1D�hfA��A��|�:4aB��@��U �� V�;��.E�B-%R��:��&4q� To�/(t�n�ʲ�M42c� ��5��[��ո�v|��zQ��{� ��hR �؂ P�f�2��I�X%{�^� ~&�]ԇ�Lk7)k�u�Ԏ�d�֨��kt�8��v�� MBN�꽓��H<$�.P9�Ծ/L�D��p��" 4�aO�.�go�J��g<OK�'AT��%��r�m��=��Y��HXa`�8T!r;t��[��h�D\�� Iر@=p{�)�}��}øq/Ę��䅦�ӏ)��=��nЀY{ڭs��EZ�p:�S^x��v�R�_�9Pƒ&zy��Aä8@E�Wb��A�L�F��J/�sƃ�)sG�>>��<PoucS��x�σp�fnцnK�(��k�ԙ3 �@�~�C�Sb�t)�~��V�Dԇ3��h�뿠�$dq)��5 1��SXX3�{|;�B��J��Z�9��O�V/�H�ˎ;��;��axA��o�rGO��+��tk��K�.z2��8/1`Rf"��t�z�P��q�GS�#��3�B�h�硶~G��z�T�^�Zsڟhnx��J]�C�$h�� k;�T��S��u��+TmI��J"{��f![�J�`�<!�}U�q�D\N2��̮E��)l� ��7>��j9<�(� �¡k:��ħ&�e{a�讫A��dN��*h�:��d�T͝G|+Ys3O��|s'��Z*|�|u1��w��J�@��p� �~��M2��~v��5M�?v�vY�X��x�g{\��O��W^Q3%�

Sections

.text
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 274KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

688d93b2fbbc271bfffd8c8eefff6140

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

kernel32

user32

comdlg32

advapi32

ole32

Exports

Exports

Sections

.text Size: - Virtual size: 101KB

.rdata Size: - Virtual size: 29KB

.data Size: - Virtual size: 19KB

.vmp0 Size: - Virtual size: 1.0MB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 3.7MB - Virtual size: 3.7MB

.rsrc Size: 274KB - Virtual size: 3.0MB

.text
Size: - Virtual size: 101KB

.rdata
Size: - Virtual size: 29KB

.data
Size: - Virtual size: 19KB

.vmp0
Size: - Virtual size: 1.0MB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 274KB - Virtual size: 3.0MB