fc0e8980bf6efec96d6e0034e37075f9da763b0eba6ed1b81f1f227b8ac9b81c

Sharing

Copy URL Twitter E-mail

General

Target

fc0e8980bf6efec96d6e0034e37075f9da763b0eba6ed1b81f1f227b8ac9b81c
Size

3.5MB
MD5

3262270363f1bd40147f13b2b9a844c0
SHA1

a0eca4f0948949c9fc7f1cb8380937c3e619a251
SHA256

fc0e8980bf6efec96d6e0034e37075f9da763b0eba6ed1b81f1f227b8ac9b81c
SHA512

fa1bf6200df870ff318d1f849bddc26d38198526da78b8f9dea22ee145a016978fbeb24e8d07b725c3a11636f8b3d4adbcf1f1fca05855faa2db02230ec1b02e
SSDEEP

98304:zp9gAqnFvxytSc5WbUlu/iAo0wiD8TFraP:zp5qn1xyqbt/iAZwiAW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc0e8980bf6efec96d6e0034e37075f9da763b0eba6ed1b81f1f227b8ac9b81c

Files

fc0e8980bf6efec96d6e0034e37075f9da763b0eba6ed1b81f1f227b8ac9b81c
.exe windows:5 windows x86 arch:x86

f042e15cf1ea7055fa3a313829c90fc8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GetVersionExA
GetVersion
GlobalReAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CreateIconFromResource

advapi32

CloseServiceHandle

gdi32

GetViewportOrgEx

winspool.drv

OpenPrinterA

comctl32

ord17

shlwapi

PathFileExistsA

winmm

midiOutPrepareHeader

ws2_32

closesocket

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

RegisterTypeLi

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f042e15cf1ea7055fa3a313829c90fc8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

winspool.drv

comctl32

shlwapi

winmm

ws2_32

shell32

ole32

oleaut32

comdlg32

Sections

.text Size: - Virtual size: 817KB

.rdata Size: - Virtual size: 784KB

.data Size: - Virtual size: 303KB

.vmp0 Size: - Virtual size: 2.2MB

.vmp1 Size: 3.5MB - Virtual size: 3.5MB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: - Virtual size: 817KB

.rdata
Size: - Virtual size: 784KB

.data
Size: - Virtual size: 303KB

.vmp0
Size: - Virtual size: 2.2MB

.vmp1
Size: 3.5MB - Virtual size: 3.5MB

.rsrc
Size: 8KB - Virtual size: 5KB