bbbe788f2a3eb45bdc8d706d4fe08ad72c80abcb7f0d3070a8ba436a287206c4

Sharing

Copy URL

Twitter E-mail

General

Target

bbbe788f2a3eb45bdc8d706d4fe08ad72c80abcb7f0d3070a8ba436a287206c4
Size

6.6MB
MD5

7b6fceec51020fe3c49a3fe0d7e02322
SHA1

53f4aa9062854ce5acbb7169d9d67fbca2dd4bd7
SHA256

bbbe788f2a3eb45bdc8d706d4fe08ad72c80abcb7f0d3070a8ba436a287206c4
SHA512

e1bf12d6491fd2d7d520646772ce6047af3a9bd67ac2587e7558981cab2231e5e3964bfa7ee4a5d5d04856093c4309cd0a04d103206637e2793a974e60d828b0
SSDEEP

196608:hKwWfk/8BKiynvdJqiDa3hYR5NPLMu3H96y:AZs/8BKiyaxYRHMof

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
bbbe788f2a3eb45bdc8d706d4fe08ad72c80abcb7f0d3070a8ba436a287206c4

Files

bbbe788f2a3eb45bdc8d706d4fe08ad72c80abcb7f0d3070a8ba436a287206c4
.exe windows:5 windows x86 arch:x86

0ee2d3e5f03e5c87f330a10e47d7ab28

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GetVersionExA
GetVersion
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfA
SetFocus
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

winmm

midiStreamOut

ws2_32

bind

gdi32

LineTo

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

UnRegisterTypeLi

comctl32

ord17

comdlg32

ChooseColorA

wtsapi32

WTSSendMessageW

Exports

Exports

��y^��\ލC~�vmR��.1�o�z�=�W0��9��S�^�b(�&�ݧd ��;��/_��>��R�c��-�U+�:�tL��¿��R�&�W'��15!�W��,ё�[i�d@B?3��Ra� y��JL.��n��_��b� ��ۗ�C+��@@]��΁�iz�Grm��.�BDU��M}��q��v;�2�y["F�w��K��>Ң�W��6��6�l�*!�|cb��KohF@��M��m�+��7��O�� B �#\�l��Bo��D[\(�ވ�^w�ǈ��Ŷ��yGtO�F��ā ��FRW�&��#��>�r�,�5J$V�~֓n(ݝ��{BA��b�T�JL8c��!��fl�Ӥ�if�HY�� Ǒ�=א��V�!cw�z��qJ�zD]��q��#��C��2~s,��/�z��\��4�M��@�@�VQk[��Id�C�y_��v�=��h$4fsAQ�vT\cN!i#0Mo��[&b�<��\��LQ'��T�Y�͋��8�H��?�z<�ض�,�%�@��*?�j7%�W�6�<�#!��D� ��B($q9��Z(J�4�I��D��晾Gf?5"6ۨ,>h��)��iM��p2��\��_��WJٖ�`B�J��I"�'�C�G2ye�_�0��1SjK�� >:Fh��{*FI�횟=";n �5��StPR�ЌC=��?E`Wk��4�9�ы-��:��:[��-b<NTX��?Gy$��|T��/b�E"��W҄�Lx��O8/>vG-z��ie��'��+��ͺ�@yB�#�v��s��xs��> ��9O�}9��r`wGv#a�0iU[��T1R��q�22��KGfpi��#˧��B�at�H��2c�yQ�<$�t�SΦXb3��г�egڼ(��K�K�RY�0ixD:�!O�YPH�C��0a�fR��#��}(�N��b`�c��-�m� �}�'c��8v3�`g��ҸK%��-��LJ��Ř��ll��D�ߵb4Ӱ�޸zx��C��y�;�-mX ��`�^��>��J�+a��;��=�GfdJ*-�x-D8�%��JR+�?��MW�|�{�lj��8��س��u�^�*ir�n|!�"d9�t��䕴�$�w��'��(��ʥ�FO{HVV8<�g�m1y��&�!��C��U��/�� </y�9t�ջ��.�QS8>^1��qd��%1��/x} �!rG��:>�i>~3�R�ُ�Sg�oa�Xj 3SI�!_5d��c��&��5Df�e��P5�*��^��rͺ��ܘ�ͷH`K��rD��th�P�Y��-�BqF� Sc"k��zR�ܔ�\`h�&w�.�� $�×�zRe�;��Z��)m��U57��`�?vCv��l5��,l��?��ѡ&N,^:�[l�h4B��3nx<Äx�}?.��(^C��$��[~�R.<�t:�Q��ٳ�a`=(��b ��˗cgB��=+�C�jڋ��6�~�`�vo��5�e��\��@�]SDv�cK̙��cؖ]��J��PZ��V��k�,�b�I��=��r��'_�"�8��Bǣ�� rk͘("��z{��ԋ�>T�8��ެ�?%U�d r3��(��>�Y��`$r�}��`Z�<� ^7+ux�9(< k��w4��ʣ�DJZ��^�3�|#sJ� �!�2/��iFz��9�?~��z΍Q�h,I6㈽jb처��.�A�n�O8,6�J�e|��A��1�� (� 3@jV��@��WN��!��;�o��5FkmdS��)�Yۀ��M1[�C1!N��Z+�]H��Oݘ�|�V��m��FSiV�I"�$�E��],r�p��צ�m��"� �L��/UW��,��!��~2�r��zk�@��p�)?3&P0��/?�@�՝�F{��ʗ��F�&�X��a�6$ F��,z��XK�&�f�� Tu��6�y��1��8T5H��Xb~��PME~��r��7#�G]vq��WG�W]= Ë!K�?F�6��)��R��%,�J��9.Ђ>��II �w��h��TX@�ӻ�9u��"ۯ��a#4�YfVE��Ҷ?�ᬱ��J°4�_��g��$�E��Ya�G}�g^��+NC.$\��r^k̕"��OSI��b>��+i/��9S�� ˬ�}�P��<�֗?j ��w쵍g��C��Tq*^��>��˝p�n+�?\u�ڟ��A��x|+"��\�2`� '�e��p�W��r��t�ZF.��A�,�%�;��</��n��ʥV��;/>�uj&{1M�<��}��n1�6"��/��l��ۻ��Ь&�L�نN�Ӓ�k��q)�n��I']��B�|�dR�0��5O��$��3��`s��xǼwg��5lAr#��%�m��j��b#��vw��0�I~3��Sw9�:�o�æ[�J)[��=�˰�=��^��q�Z��p@2�3׸�q��Hd�+�nVP��$�D��@!J��2�x�&�^{�wh4_��f��]�p��ENKg��Qg��׷N��c'|mHn�9sL1X8Ox�L�Ģ�=67�l��j��;�_��2[��<FϺ��b&�|�r�BR�ZTv/a�م��|M�x�X{ZtQ��t��S� Y�,��4Rc){S�+�8r�� p�y,3�e�/��.��sF@#P�� DJ *�G+Iv�� +�'�B�KQ�r/[ֳ��ԙ�A ާ��N�� GƎ��s�/V��L&:s�

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ee2d3e5f03e5c87f330a10e47d7ab28

Headers

File Characteristics

Imports

kernel32

user32

winmm

ws2_32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 1.8MB

.rdata Size: - Virtual size: 4.6MB

.data Size: - Virtual size: 764KB

.vmp0 Size: - Virtual size: 2.7MB

.vmp1 Size: 6.5MB - Virtual size: 6.5MB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: - Virtual size: 1.8MB

.rdata
Size: - Virtual size: 4.6MB

.data
Size: - Virtual size: 764KB

.vmp0
Size: - Virtual size: 2.7MB

.vmp1
Size: 6.5MB - Virtual size: 6.5MB

.rsrc
Size: 24KB - Virtual size: 21KB