42bab8ecb29311439096423fa807a83d31bb1b02ec17d502cd423360a28a17b2

Sharing

Copy URL

Twitter E-mail

General

Target

42bab8ecb29311439096423fa807a83d31bb1b02ec17d502cd423360a28a17b2
Size

1.7MB
MD5

1d45a01e3413546c1358fcdcb76b3f28
SHA1

858d1c8a57eeedda57a274bdb80fa0239cee2793
SHA256

42bab8ecb29311439096423fa807a83d31bb1b02ec17d502cd423360a28a17b2
SHA512

d42b0e92f4d4c224249850ed37f44218b824431be84900596e9a17f537b4113d39e25dad356695e7a229c030e43b2636a625d3d6b1fcad3317cc37db26e2d499
SSDEEP

24576:r7gydJUXRyRZq+b3MGepIu0zdptQqo0hhY:r0GJWYd3MUu0tZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42bab8ecb29311439096423fa807a83d31bb1b02ec17d502cd423360a28a17b2

Files

42bab8ecb29311439096423fa807a83d31bb1b02ec17d502cd423360a28a17b2
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

��>�- � ��<��v�D�T+��,��?t'��d��{�}4��M�bɺk7u:��yM��x�Ǜ�g@$̍�G�S�l;�P��W�ԇ[ �+&E�H�6 ��kBW��q��|��z+�ΒGΕ��9��B4{��ls��N��$QUY N�ee22j)� ��E4��_��.p�; ��q��Gq��sV7�M��Q^�W�=�(��+��fƲ*�"c�ﻃ� ;�*�J=«�1;�X�0�P�#��C��[�m 1RFSm�`.'��( �g�w��㧶Z�V��A-j��u?��nWԉ��V��0p��Q��M��}i8i��Fm�.�A[6V,P��iߓ��_b+(Ą�e��+�V�o�˺#��L�+��}3��=� �7 <�R��L0@4� �K�Y+-��u1֢�V�5��N6�$��Q&O�Ѧ��(�Ѩz��{��,��j�h\��D� f�i��\L5��l�&w��$�&"p-- �ժ>��?+��Yi��~_2}ٹl��NN]��on^'޴$]��l��`��j�2��J�۪��r2\��R�S�\)O,�i7��ך�"��V+�l+��&߁�U]�µ��?TR��Cmz"��7�냕��~b_��O�]��ß%�x��(#:�`59��E��^K!��T@�H\��+�A�"m[q�(��p��RɁ�$ я��/#P��9�&��X��e��aE؟Ԛj@��5M�L��/��j;7x�}{��@��z�rc��Z�|�{��q�V��x��v��,i�;F^��G�r�&��ip-?�)�lËְ�7��z2��P�Sj��3U��2sN�@_i�XO�Q�6��O�8�^��XA�\��y<B�p![��9�Ƶ伨*��vIg�v��QP��Ǒ��^M�z��1�p�, �4�c#w\�U��>r7b t��y+�r�GV}�{b3�;e\��y�� C ��8�F A��Nj�z�ynS;1�x�|۪|��&1��*}I�B9K;��)P�m��9 �� R��L�)|n��6ҭQ��W�j��'N2r�/�)54w��b��Y��aL; v�*9�DȌ�C�v��f*��/��z%�+=��z�c?��Z�,ڧB��9��s��/&M* ��XO�g��-E�C��+�c��y�j�B_�^eM� ��x��Z�S�\�nJ�P��7��i� x�1��p��C4̹��Ɉ\�^+�}|�yn��ގ��7�ϓ�D��Jwb�{,��z�Ǡ��߼I\G�� P��5,��GXA q�-υ� �>��x�V��VA��x�H��I@e�XB�s1>va��_��*��<��1��֤ޗ�Qp�]�Mw0XA��"��q�<�e��J��}�B81C�-��ʄ��k�QO,�ϭ��I��rH��م^(�7n�=��YD�E�!��)�1��-�>�_�)�&L��*��д`s��)/��o��I�`�>L^��.��ుg@bA��T��nm%:s^[ '�G2�u$iLbлE��1XM�<>E��#v�ظ�U��<�l��8��'��N˰� ��<��xu�3��+�B�< ��H=�j��J)��5��j��|�su�`fjA��ހB��'[O�;< ��x=ż�� 쓖�7+F\�za��H�feǑiy=5�bKLY��{,��g�r�n?�<��SQk�K��t�@bƻ�3�,�/�S��}��mh��J�Z�J�`�\=�ng:.|��?��֘��o��;�7I��oU)��֐��&_�DH�-_k�6�L�"��p D�G��E��R5I��t@ޅG��ac��8��jS��t�z�T'Y��D�u�w��?V��uȌ��n��|�!Ur�Ê� #�z�}��=�@`��1k"��҉��Ԝ��=�>aN�^Ӟ�<�s��(��ueߎ��Y|s�>j�C��j��"ua�y�.��u��m&)��6��kp�rTr:�h��H*tl]AD�,�^ �o�h`�|��]wݦ��ㄑF�B��+��o�"�&y&��R)��T#��DT9��|>Z)"yn��*X��6`m�'�4zEzώ��D��͔t��9�0��P �>`佗�W�(��5��ꞹ��,/��uu}G-��%gߥ'r*�?�J}H�6��;�:!# 1E�A{W5�(��d��`�zI�*~��E��eB��D��um�p>��Y�Jz��X�H��6]V��$T�$��rcK7p��N��u��~O*0�I�~3z�i%�5,n�S5�a�޳�U5=��3�Z��6��rIFzۚ%�m�Dٯ�j��À�\��Y:P|��Rr�m��^�s ek�T_��v�T��M��N�>��c9�^��Y�=�;g�!�!ߧ ��0,��8�h�U7��+d�r2Ĩ�AB��i��sZ3��.Y��w�ꎳQ�E��T=Na�v6�8K��f{f%{u��,;�F�!�"zɼ��-�n��~�G\��=��-rh��G�`&Jlv�/�'|��b�C��j�N�Yg�-ʃ�(:�l��L��9�ޥ�eU��B��^��Q��h��2Ʌ[;�2�Ha��&l��D��`�F��,JLظҙO�p:6Y�8?ރ=��m�[��%ĤW#|8��a�;�hH��e%u�� X��)��dL��3~Y?�>{�HnG�*��}F�p��v��F��t��"ɪJ��7[K�C{�e=!�v��H�ެD%��Up��\��\��I��9��z��h��ޑK

Sections

.text
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.enigma1
Size: 192KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 636KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 411KB - Virtual size: 411KB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 16KB - Virtual size: 43KB

.pdata Size: 27KB - Virtual size: 27KB

.vmp0 Size: 21KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 48B

.vmp1 Size: 88KB - Virtual size: 88KB

.rsrc Size: 180KB - Virtual size: 180KB

.enigma1 Size: 192KB - Virtual size: 4KB

.enigma2 Size: 636KB - Virtual size: 636KB

.text
Size: 411KB - Virtual size: 411KB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 16KB - Virtual size: 43KB

.pdata
Size: 27KB - Virtual size: 27KB

.vmp0
Size: 21KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 48B

.vmp1
Size: 88KB - Virtual size: 88KB

.rsrc
Size: 180KB - Virtual size: 180KB

.enigma1
Size: 192KB - Virtual size: 4KB

.enigma2
Size: 636KB - Virtual size: 636KB