6abff8c3f897d4d53dd47890e4946829044c0ecbc932b31f810bf582e4f1f2e3

Sharing

Copy URL

Twitter E-mail

General

Target

6abff8c3f897d4d53dd47890e4946829044c0ecbc932b31f810bf582e4f1f2e3
Size

6.5MB
MD5

a444349092759e5fb142b0710053951b
SHA1

c33c375c8408cda78bc64cbfaffa1bd6a365a222
SHA256

6abff8c3f897d4d53dd47890e4946829044c0ecbc932b31f810bf582e4f1f2e3
SHA512

a935f757ed29276b177ea280457a7f4331c0ab0da7b6ef8605ff556d2444ac15c09c2874387ee916809a28ff14f2acad9d89bfadf638f47228fb596e9537fb82
SSDEEP

196608:am0r2LDi8Y5Wdj0BZE9TLoU8JRD2hLEmOIYkBT:am6j5WJ0rGHFEmOIRT

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6abff8c3f897d4d53dd47890e4946829044c0ecbc932b31f810bf582e4f1f2e3

Files

6abff8c3f897d4d53dd47890e4946829044c0ecbc932b31f810bf582e4f1f2e3
.exe windows:5 windows x86 arch:x86

0ee2d3e5f03e5c87f330a10e47d7ab28

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GetVersionExA
GetVersion
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfA
SetFocus
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

winmm

midiStreamOut

ws2_32

bind

gdi32

LineTo

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

UnRegisterTypeLi

comctl32

ord17

comdlg32

ChooseColorA

wtsapi32

WTSSendMessageW

Exports

Exports

�O� "I8}��͇ ��S��<K�#�I�/)K��ߥ��vS��93a��s��T��So��Q�dT��-P�E�h#�{Z��9� �>�S~ ��8�P+ ��.�GJ�,��[��;?��S�� (p .��š��y/�G��Ҥ�v��hSBX0��.-گJ_,��D��m�)��r��y-H��G��iF�o��'D�HV�tzM�'S�k�?�J]>��@ﲜ� ��D<��z�VwA~�'�L:R%;eV�� y��l*��y6��7A��;Vq��0��}$�� /�N��`��66�2%��&�-�`�� ǁ��'��X��$�� ;��5|�<��0w��hr$�b�8�/�R��ʍ��r�n:�Ŷ� ��T��F��Wl� ��pj��Tᕐ�,�;��?��8�Hܰ�� 7� >��\[b��%�#��ӿsyu8�@�XW#�vT��Rl��g�͑�A��i�t:"Yff��M�>�: ]x�ԤQ�E�H��;�ܸ�z�EW��ѐS{:��pQ��Y��4�)3��3x��׌��l��[�P"�!-7L��CB"u>呤�[�}^�S�^��~c w\@.Ӣ�R|;{��r,�Km�@,G)��yb�R��{��D�:�P��a$��l�.��Wef�6O� ��k ��r��[F�c?��I[��0z��t.� U��BĔĪSJ�Al��v�ȡ9P?e��a��ͦ�Ր�-�Hq"�5�*Oh��˵�3�C��P=D@��FU�J��]�b��N\��c|i%��q��H�xՋw��S��X#\�Z�$��9��<��^囙w��pQ�-��CX��V $�QB�c%�q�� |U�׬(c�?oY�@7��J��K��>ڨ�{գ:lH�}r��tué��Gй0,�xg�$�无�$��t�m�j��M�Ğ�R�ʴ�a$��}Yཹ��1 ��z@�� A��@:3��lx�y$�Ã�q{F�:H�"�2'/��v�1T1r��x�ߴ�t�ޫx��ws��>j��F��i�w�k��&��W�r��@W�<(��ټ�I 0�@�1Z7U�Dn*��y��mf��c��굱�#I�̢xO��5|Il��J�S�mi��h2O)�$��2��Q2��XQ�ZO��G�S}�Ey��t� \b$a֥ȅ�V�>��"��'\��]u}GM��W�B��D�N� ��@��a�(8é��ѿ�o� c��u+&J��a]�J��$�=�Y/��,zII�D�`��&��H�Z|��V��5 �O|0+��<�:��5�5��?�%y��/�� ?$#�Ш:l��:��pO�e(�)n"A�WK��!��Q�u�15�<|=lh�� W��=��c��J/�QZ=�m"v`waڻ_J ԋL�b-��98WV�%��%��-*D��R�reelV�s��A��O�/1N�k�O� ��qp'��tň��Wb�C��AE�U]S.�I��/��E,SeH�p�^i(��G�\@.��2E�J }o@9�nhI��Zj��c��~ ��]c��k�/qU��;��sQw�)�=��#�o��#K�6��I�#R�,�s旵!A�+�i��/I��7�ظ�x�֙ ��^�A!�b�[�B��]�5)Kj<H77�]�,LT�ER�EvN�Գ��;��%�Qƻ]��E:%k� UU>F�ʄ4uScVA��pV�> �i��oO*��+ ُ�1�<�� H�h;"��7��X��N�b1�xVh��3�o>�(�ޏ�>��q��=�$y�R�^��<o��޺,�K%�Ѷ(�SD ��]��(�Kl��"��*͑8�D�Y�Y�wq��Z�P0�^�ܫ��z_Z`\��]e�#��6��B]@��uE��<G��%�(�M겐SJe PKx��"�-��Y��q�b��e �--Pu�� 9��ߙ�(� ��Ro��RA��hu��L�B"�mň�8hhp��2>%��3�h��Gwx��*�j�kG#��~��隍�+`7!��Y�33��i��3�q�겈��8f˦U��nn9ƣ��Yx'��C�~�|��F1�=��'2��T4KLz��t�q�zhJ�ƾ��B/�W��%��>��Z��N��?��V�w�+U�u>H[��bXZgr�np�/eaӿ�J:�w 9`�B��%m4d��Y��9��K�,�pX�o��&+��;�X-n�eQ��~��?s��>��uX�*�闾�5&�"��)£0��PK��>Yt��9��A *N��쇜{X�t�.��qUD�c�~�}3P{��1��N��<�C��p�K�&m}IC��iN��iB�<��慔�m6��[OTF��,�vH[ ��.4�E�I��݀��H9�33�-�ɾ]�� O}��^_��a��l��69iJ@�|��#gg.�<@b�דTzF�u�J8�)(~is��o'�Bgqd��.��z$��K�5V-<��XH=�R�� O�9�9��^��9s��3m+ϛ�t{�4-�܉4�i5��qݗ�"c�%B�dM�"vE;phE��~�g��<��[�?"��FY��˶�v ;$w�}��"d�5r�q�;�F��+�f=�+��B�aG��tڋ�2K��[4��]�^��)�!��9��y�O�X�]��e�ٜ8��]q;��oK�#Ui+�E�ؿ��T� 3eE��*�e՘g�0Y��"s+�휡��J

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ee2d3e5f03e5c87f330a10e47d7ab28

Headers

File Characteristics

Imports

kernel32

user32

winmm

ws2_32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 1.8MB

.rdata Size: - Virtual size: 4.6MB

.data Size: - Virtual size: 764KB

.vmp0 Size: - Virtual size: 2.7MB

.vmp1 Size: 6.5MB - Virtual size: 6.5MB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: - Virtual size: 1.8MB

.rdata
Size: - Virtual size: 4.6MB

.data
Size: - Virtual size: 764KB

.vmp0
Size: - Virtual size: 2.7MB

.vmp1
Size: 6.5MB - Virtual size: 6.5MB

.rsrc
Size: 24KB - Virtual size: 21KB