2a4ef40b5dbfdd94c826a2ac6d40f35932a417f619ca6f9a83400fdbb21cf279

Sharing

Copy URL Twitter E-mail

General

Target

2a4ef40b5dbfdd94c826a2ac6d40f35932a417f619ca6f9a83400fdbb21cf279
Size

628KB
MD5

7c1eda07eb667a9c1234fd55f8e86542
SHA1

ea0cc26a0b7f0ce364c13ebb5cb7d354832ebeee
SHA256

2a4ef40b5dbfdd94c826a2ac6d40f35932a417f619ca6f9a83400fdbb21cf279
SHA512

53aa7736f550e4836c1690c522960a912bae6c1c4bf0574abd0ee45ec67037082cdbf0e78b9a0f6091fbfe1439ce4f939af66ca35d48ec5840ae9f2991253fea
SSDEEP

12288:1ugR+Ar2A8Du9qrh8TxhJ/KWeyn/mY8os7b89LW3gRTWIRiNnGLNpmuK2tof:1ugR+Wju8TxhfDOY8osfELWwZWIRXLN2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a4ef40b5dbfdd94c826a2ac6d40f35932a417f619ca6f9a83400fdbb21cf279

Files

2a4ef40b5dbfdd94c826a2ac6d40f35932a417f619ca6f9a83400fdbb21cf279
.exe windows:4 windows x86 arch:x86

fddaab515412ecb4500c52d5a5703c94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

LoadIconA
MessageBoxA

gdi32

GetTextMetricsA

winmm

waveOutUnprepareHeader

winspool.drv

OpenPrinterA

advapi32

RegSetValueExA

shell32

ShellExecuteA

ole32

CLSIDFromProgID

oleaut32

SafeArrayGetUBound

comctl32

ImageList_Destroy

ws2_32

inet_ntoa

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fddaab515412ecb4500c52d5a5703c94

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 636KB

.rdata Size: - Virtual size: 88KB

.data Size: - Virtual size: 247KB

.rsrc Size: 24KB - Virtual size: 36KB

.vmp0 Size: - Virtual size: 167KB

.vmp1 Size: 596KB - Virtual size: 595KB

.reloc Size: 4KB - Virtual size: 156B

.text
Size: - Virtual size: 636KB

.rdata
Size: - Virtual size: 88KB

.data
Size: - Virtual size: 247KB

.rsrc
Size: 24KB - Virtual size: 36KB

.vmp0
Size: - Virtual size: 167KB

.vmp1
Size: 596KB - Virtual size: 595KB

.reloc
Size: 4KB - Virtual size: 156B