8ed28a33b7109234a832d4131723949736a78892d33228f2c078840018a21081

Sharing

Copy URL

Twitter E-mail

General

Target

8ed28a33b7109234a832d4131723949736a78892d33228f2c078840018a21081
Size

1.4MB
MD5

0cf6ef89fd8080d6a8f81e863cd5b93f
SHA1

4473a8fd474a316a5c3fc0bbff565f1204401b20
SHA256

8ed28a33b7109234a832d4131723949736a78892d33228f2c078840018a21081
SHA512

433ec826bf7abef99c9a1ea7a4da5e16bcd07da36da0a5c02673f70fe2c5d391964f25429aa7fbd22e5f0fdf8245867e06044b07a37444ecf068a8d599531a6f
SSDEEP

24576:m0bajn5sNJOZDV1USRveLWoq/Ed6BVq+RGSbp8A7ifqVnRTRpSHgRiC:mxsNUFbRRveLWSYB4+I9A+fInzoHgkC

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
8ed28a33b7109234a832d4131723949736a78892d33228f2c078840018a21081

Files

8ed28a33b7109234a832d4131723949736a78892d33228f2c078840018a21081
.exe windows:5 windows x86 arch:x86

54f81b5ba6eb51caf66cdecd534bab19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetNextDlgTabItem

gdi32

SetViewportExtEx

winmm

midiStreamStop

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

DragFinish

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_DragMove

ws2_32

ioctlsocket

comdlg32

GetOpenFileNameA

Exports

Exports

pu+��U8Dq�o��ԋ��G7�ݐP'|1/��{s�s�^>f��Gg��ö�'��O ��9+q��_5�<'E#f`7oI�$�W��}tۣ�_c�3��!kȹb��V �I��I��^��8��H'9�ܛJ�u�(�/bv$�\��g��"��h�͜i��K��$Uͨ��\��)�\SN�.|#}[�8DZ�#��h��4#+�X֓�?�#��:�V��G7�5�z�F��O�Q��yѦ��3�:%�{[�V]�g� ��.dٓ\��;ۻ�X'��u��WO^<��m'�i��^�1��Ӯ��5k�r��[�+�z��u�g�vLۑk�9PK �V��P��ր� ;A��Ҷ+7�@:��[2\(�S��H�~�R�n%`��03�U؎ǘ5R ��~�Ɲ{47�O��.ƃ/�0�D��J��6��h�K��R:Bq�.�U�ٰb@��B��g(qҫ��,��ʋ̯�D��+tqw_�ek�ٽ��频~۔ ��f]��rO�g��Qv�1𮊎P�� >)b�p�u.� kg=��E�-��F��ɜ��˗1g}��슻iT��P[�t#=ۤVW��S�XnzQ ��#l�~]%��*g�ERC�z+��B��4��+ץX��4*;��Dm��I'yd��`��ɋ%� zVt�EL@��jb�ip�-VHL|=Y�}8�\0Vy��]0��Q�3ok��ӽQQ3�E��徥yfo��4��'��~e?S�sTK�K��]!0�A ��3�!*�'�L��*J��V��;�Q�#O6�W_'�tU ��s<!]Y�Ճ�b�K�5s �/Z��?�t�ܥ��ɋʐ[�_`��/��T��)�9k��C�=��i��Biq�L�x��u�Bkf';��E��'�ױF���J�Ђ��VfU:o��-Q�E��ol`��ݨVIr��v�+*|�YF��7#}4��e?�"_��*C,s��"�Γ+�֏��sdZ=$��m|FO�k<QCV�dT;0)$*��c��d\��ګi��LdK7�מ��"�LA}�E U��VO�X��6�X��mT��'��ȆD�שDa��u�]�F��W��@̔@��k��B.e�~SAN��1��-��XҕK��`��`��c�+��{��2��UJfc��"p�W��F�"�C��ӈ,��x�DÍrL,�O�>�4��V@�=��ʞ�o��k�毮v�y�%\i��J��dI��/�r�� t��?��"�VRK�a��"r2E��y�?2`K��AK펩_ -�Hcx��G��Ζ��H�e��Ќ|F��Su�G[��5s#�*}��XT�2��$��;P}qIGf�XC7/�ɺ�b}��tF�&�Ջ%"��%�Q T�ɯb�I��F5��`k��z�3x#�U��f]�@��u�{��:Dnb>If"�P�P �t��[��ڛ<��Sޭ�H4��V�긄�j��¥�uylݾ9{g��.`�O�(pi��T8X��D3Z6�Fyx��[�{�UD��f��?�L��nS��ʀ�j�?��1�nɜ��M)��ǧ27��,6�S��f\�}��&d=tƣ�}r�0� }�'1��%��{K[�a ��ɰ�,�oG�iYn��[�+꣔�R��`��ن�پ�2�/B��8��,6m��J��u�Y`��Ng�dAʞu�, �ي�=I��:6��[k��B��~��w��.X��A�/i�ꥒ��F�猿=l�g�)�-MTHC��"��,��W��X�@��!��ފ�bȍ��R5˝�C��{>��O��5@O�m��b�Is��9v�x��wJ�l0d�k�}��M��V�)�ѤS��(�<�*OZ%<�I�A�h��f�7��|,Ӭ�N��﫱A��ld��碐2��P�V��$lՐ5��`� ��)��-К��3�E� /{A��adM�F�n��J[�� af(ƕ�PY��m�1�F�T4��^ͥ��侅�+��Ӷ�8o,��G�cn�Q1�^wd\+��{�a�v!��wG�`Չ]}u^��ו�Ǭ�a�c�&d9��x#us��u�]�zǕ۔[�m o��W��H��{��FJ(\�=+Mm�<Ph�cX ?Y[͡��&ش1_q#Ųhū��7��R�4�r<��iM{��/A��vڅC��^�Q�o�$�� &y Ď��Sႎ'b��_��;��W��"��_��1��/��u��[?�� D�=o��)��|v�[F·vvY� ��H(9��Jg}�i�|Yb.e�,Uh�G��%��t ӿƎ\�3t��ʊ��eU@FV��L��hZ�@�ө�&?��}K��j�z��M��6�q�_�^�o��t�ɉ- �%�OH��Q� ��/��"��a�Õ��Hy�}��4�s��x��_R�mJ��݊�=�b�1�m|�Ϫ��mBfS�'Ű1�ծ&��\D�XgzJA�� /��#�z��ωv�V�� 4��f��ܠu�g�_�Wx�"~d�!�&{P9q�u��gK��ۏ;��Y�P��δ�u��*��lId��jF�\V,�"a��D��<�x5_��R��ͪt.(��$��߸E�L\́��F"^l�[��!lq!%H]2}d�G��vnv��7�� z��'�SBMb��n�b��W�4�r��Bڂ�2z^��i�� 0�2=D�?��V�z(f�i ��M*��ޑ�>�gv��pz�ܫ��%�l5!k]�%��}�LI��9��q-e��m�vjh� �0��C��C;"��c�\`pYi��'6'��'K>:�H�;�F~

Sections

.text
Size: - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54f81b5ba6eb51caf66cdecd534bab19

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 533KB

.rdata Size: - Virtual size: 89KB

.data Size: - Virtual size: 168KB

.vmp0 Size: - Virtual size: 668KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 28KB - Virtual size: 25KB

.text
Size: - Virtual size: 533KB

.rdata
Size: - Virtual size: 89KB

.data
Size: - Virtual size: 168KB

.vmp0
Size: - Virtual size: 668KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 28KB - Virtual size: 25KB