fb9c2ef824176de1fed52e2b57905f134810c880e7a02a6753a4597459a92226

Sharing

Copy URL

Twitter E-mail

General

Target

fb9c2ef824176de1fed52e2b57905f134810c880e7a02a6753a4597459a92226
Size

728KB
MD5

439b925f5daeb2754a3d059be1b7a46c
SHA1

7c4691de490b8528f52c587ee7bfa27b9ce0ec07
SHA256

fb9c2ef824176de1fed52e2b57905f134810c880e7a02a6753a4597459a92226
SHA512

bb1f4c3fd9091e1f794cf0b6c35528090e491a4bbef2ad24149e827db964f502c7ab74ad14886e19ed7601bae604266d4b05a6724ae6ae8738e548518c9683f7
SSDEEP

12288:fgudMFIV5yvRdKYRv5qA5TzeFPUPxqs8jpf3jRTJqaCvLN5vn1f0Xsnn23sGKc8C:3yFI+vR8YR7VqF3jF3jl87R+skspc8xn

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb9c2ef824176de1fed52e2b57905f134810c880e7a02a6753a4597459a92226

Files

fb9c2ef824176de1fed52e2b57905f134810c880e7a02a6753a4597459a92226
.exe windows:4 windows x86 arch:x86

6ad4a09b109db315488441b37c6131fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

socket

rasapi32

RasHangUpA

kernel32

GetFileSize
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

CopyRect
MessageBoxA

gdi32

LineTo

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CLSIDFromProgID

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Add

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ad4a09b109db315488441b37c6131fc

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.text Size: - Virtual size: 869KB

.rdata Size: - Virtual size: 127KB

.data Size: - Virtual size: 294KB

.rsrc Size: 12KB - Virtual size: 28KB

.vmp0 Size: - Virtual size: 192KB

.vmp1 Size: 708KB - Virtual size: 706KB

.reloc Size: 4KB - Virtual size: 200B

.text
Size: - Virtual size: 869KB

.rdata
Size: - Virtual size: 127KB

.data
Size: - Virtual size: 294KB

.rsrc
Size: 12KB - Virtual size: 28KB

.vmp0
Size: - Virtual size: 192KB

.vmp1
Size: 708KB - Virtual size: 706KB

.reloc
Size: 4KB - Virtual size: 200B