593d12f2f7852495f32133593a165bd8de3a802d9efed63f2f7b43116cc8f61e

Sharing

Copy URL Twitter E-mail

General

Target

593d12f2f7852495f32133593a165bd8de3a802d9efed63f2f7b43116cc8f61e
Size

2.6MB
MD5

424165a168cafddc00a8baaab4036242
SHA1

ab9e07523436875ba2998603bcf7a4e991fa3525
SHA256

593d12f2f7852495f32133593a165bd8de3a802d9efed63f2f7b43116cc8f61e
SHA512

532a8f45f1dc2649b8976d51fff853a6cf451d860f005f715cd2ae37c3b9d74a8c0db38f016de3c51e9f0cd21fe185b6a2ef7ed47345aa7827cb274d9b71d5f5
SSDEEP

49152:jBkPCnNbuF2lJdT+A2BAxI9octN4Fe6KCaF4w8HuZN2IBeCL:NtnN6F2lvTEeIKmiQ61tHuZN2K

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
593d12f2f7852495f32133593a165bd8de3a802d9efed63f2f7b43116cc8f61e

Files

593d12f2f7852495f32133593a165bd8de3a802d9efed63f2f7b43116cc8f61e
.exe windows:5 windows x86 arch:x86

5b84d25cb803a5e5db9ff1017fd3cab9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiOutPrepareHeader

ws2_32

ioctlsocket

kernel32

GetVersionExA
GetVersion
InterlockedExchange
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowPlacement

gdi32

EndPage

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

VariantCopy

comctl32

ImageList_Destroy

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b84d25cb803a5e5db9ff1017fd3cab9

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Sections

.text Size: - Virtual size: 1.3MB

.rdata Size: - Virtual size: 2.4MB

.data Size: - Virtual size: 348KB

.vmp0 Size: - Virtual size: 906KB

.vmp1 Size: 2.6MB - Virtual size: 2.6MB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: - Virtual size: 1.3MB

.rdata
Size: - Virtual size: 2.4MB

.data
Size: - Virtual size: 348KB

.vmp0
Size: - Virtual size: 906KB

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

.rsrc
Size: 12KB - Virtual size: 9KB