27e644f08f42402b8c411b001a885f8b57459140adfeabbaffb315ed648080e0

Sharing

Copy URL Twitter E-mail

General

Target

27e644f08f42402b8c411b001a885f8b57459140adfeabbaffb315ed648080e0
Size

2.2MB
MD5

aec7c2e96cf758f99aea3ff7268de7d1
SHA1

74891890f26cc6afba4c13e9f1fcda1c8463e8d5
SHA256

27e644f08f42402b8c411b001a885f8b57459140adfeabbaffb315ed648080e0
SHA512

5adfbdea4a07ac51544186efdffe5bd6d8a9bcfe4638d0f857d1a25b2e4069fd4f5872d7b45b1de26d4684219b199a38d6b83898a5be495e096c5e25d421da83
SSDEEP

49152:dadOFysralYfW5j4KsD6fTAmOGaI9cIVlO1N+v:dadOFyEaGfW5j4KsQshGaBICK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27e644f08f42402b8c411b001a885f8b57459140adfeabbaffb315ed648080e0

Files

27e644f08f42402b8c411b001a885f8b57459140adfeabbaffb315ed648080e0
.exe windows:4 windows x86 arch:x86

d05c65d0b9223ec42dbd686a57c6f4df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamRestart

ws2_32

select

kernel32

GetVersionExA
GetVersion
GlobalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ShowWindow

gdi32

GetCurrentObject

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyExA

shell32

DragQueryFileA

ole32

OleUninitialize

oleaut32

LoadTypeLi

comctl32

ImageList_Create

comdlg32

GetSaveFileNameA

Exports

Exports

k�<��P ��*x�%��ZN{m��1��*��x}V�`��bZlM�=��T�8�RV�uy�F��Q�*��m�j��n4��X�&,�s�+}(!�fbcF=�@\Q��@ٛ��H��%�@��35��Ov��f��p�F� !��ҫ�wk��'��Rլ?��]��F��qQ��;�J�Yes�*W��S�#�pd�c� 9�_X'�gM^��3��8W��P䪵g��T�%>��?��X�� o��W��{-s��i��Ew��/q�k�2�)��?��Mܖ�{Z:�v��T�X�~��g�G5��cd@�vk�"��c��}��z��To�N �Eυ��կ�sj�)%�R*��n9^��r��KsFfi��D�0�PG��d��;g�y�|��o~O��X��(f��̜�V�0N@��4�� /1��y��U�r��@{3ߺ%y]�Y��s�@r^��O$gyS��ȕ$j_�'�L3:暑�Eᑭ�>�DN��`�<�y�-Y�ķ��Z�}W�O��B=��d�G_�^:Y�(��֦Er �4N��?�v��`��i(��d��b۔��8�i'v�� }|)�8Yq��T*�@#y̧//�깙��Vy|�9~K��D;b�M��ٕ3{��9��x�}�K�4�g��Oh��#�l�t��z{�)讘��( a��1�AXk��ļ�;�{��zr�c��K�_ͷi:e!�WZ�P��}��o�RU�{��R��\$J� �'�Ԍn)�!�i�@C2�@xKdb��8�-��O��{H�ݾ�>F�sp3�@�@�;�.�U�*��G�l��-O��ʳm��L��&GC�p$9mܬ�pr�G�zw�[�qT"��`��猩��>��ŭA��o�:ZY�HmJZD��V��g/�~��yN��I��hc�"�DRGş�]D(~2��u��x:+�j��_9��]�IJ��^ɖԁ|V��Y�3a�RZ��@1�1~6M'�$�v �A�"5��G�O��D�4�n�m�>��&�;�sq�/�jG�,D��S�|��)��z��T�";~��pj�:)��!��w��_{�]��&#� ʬ�D��V��=W�[7h>׭��O��o�w��I��sw��x��h �40ƢA�jP2�Mq�㲶$��PрB"�a��w!H��E��^I㾍��C��B�8:E��Axm]F�v��J{��@��"c��WG�n|��1zd^GMb�{�8�p��h]T�$#1z]��,��s�w{v�eW��<]=��[��<��Ьۭ�X�NK��ӫUe��n�}m��6�:�*,�_�!t��;��Ҡ8��14��&�Mn��.��JS6�TU��.�4g2�=�&�g��n{�=׵�7[H�=�6��O<v� �%y��x?��ܔ��8�ݘ�=#��o�W��Q�WV�y�pR�K�f��Խ�}��%�.�g��ic��Ru�N ��ܮ��~��J2�[��Ɨ��{p�jR�F��5Zۢ�~U#8_<Z�ڧ�u]��&��W��y�=S`+�x�gq�ll@9�^㳠�K^R��/��d��l�u0i�ϗ��t�E�!a�cv��q!�ek�Z��,='t�h芉?�Z��T>�>{�)��T�}��^��y-��ף W1�(�Uh��J��mI��ƹ��|ue5I8B�c��ǚ��2�X��P�� _�®VPH�X"�&C_A��E�G/׻Kn.>ɴي,a�k��]U]N��oW�v,0�P��g� �I��g��$��s�^rQ!k��w��h)��<��iC��L[�00zj��j��A��e�o�9��:odLM�)&�z|��F��R.x�Z�GJΆPR��U�� }e��[=�-�^C�+_I��T�˴��2c�y��4��k�>!�5Yð�<� AQ��AM�hi��K��e� U�g�Y��$�,%vp�XX��%}^c��ȅ�=�j�+��q-i�"nW��û��{�E�,T��Ċ�.P��q��k��ӹ��%ܢ��2`E&#�\��(��$uNE�2��}��{� I�|4�:t'F � �p��勦�n ��B.��з��n�I�%�p��b?�;�\��X��U�IH�6��8��Pfmk׋x¬��;�y��nXz��X�6z��-u.�XV:]��K�[�`i:z�Y�m��!��5f��. |��W�8݂��@�)��(��ٽ��J��׳`��}aZh��O�7��?n�Rq2�U�I�!�1<"��H�s��?{^��% ��f�Ľ�Py�4wcR�&�o��~J��,g�p�5�Y�R�� @��.�)�u�P� ��߷��f��ß��Ur��ȼ�%�+�6��=�51F�*5"Z �Q�)'Um/r�{��`�|�qK�č�m�� K��1��|B0ș�!��l�+P�v?.�1��N��Ɇ��`:��\)��l��>�~t�k�R� �0GǏ�0l��3�H��}0:��ɶ;YxY_bn�*��{�b��G{ �DDtF��~��UޫLuѪ�JU��A�a�ۂ��Tj�@�J��$lz��E7a|f�1g��t'ͦ��e04u��M!��`�~�eU��c �2��]8+�q|:6H�?~�ߴ��oT�o6^��;��_��6�J�y�@�r2�o�:4��Q��P��׶G��9.@$�C%Mz�.�Y�1r�;ff��)�r�R�m�L��˗y5͟��I �?�f�uۚ��2��V��Ƙho�者��FtSn1��I�`��L�[�R6p��t�`��%�5A �]��a&K��*�1��#��L�

Sections

.text
Size: - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d05c65d0b9223ec42dbd686a57c6f4df

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 739KB

.rdata Size: - Virtual size: 2.3MB

.data Size: - Virtual size: 281KB

.vmp0 Size: - Virtual size: 377KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 2.2MB - Virtual size: 2.2MB

.text
Size: - Virtual size: 739KB

.rdata
Size: - Virtual size: 2.3MB

.data
Size: - Virtual size: 281KB

.vmp0
Size: - Virtual size: 377KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 2.2MB - Virtual size: 2.2MB