e6d3ebd2d7993e3f3e1009cc06faaa01240ff3d7f542acc4f8a027eb925a58de

Sharing

Copy URL

Twitter E-mail

General

Target

e6d3ebd2d7993e3f3e1009cc06faaa01240ff3d7f542acc4f8a027eb925a58de
Size

15.0MB
MD5

0d19a0a12170896cc652c16f383e9e73
SHA1

aba6017b2ba07ed493bcd77cbe1e9b38b5e5c3c8
SHA256

e6d3ebd2d7993e3f3e1009cc06faaa01240ff3d7f542acc4f8a027eb925a58de
SHA512

eb4144ab1b64c8735fb453ba57867ca705a7a4d9abcb9f484c26f233438039f43d0bb6922a6b83f9d7b3e4f021ed88251ae075a7e66678c98a592b71df5f0ce1
SSDEEP

393216:f6GR5iRJxfcAVoiHCIAgjVs118JIHrOWX4H:CGRknlcAV/iNcOX8JIHrjX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6d3ebd2d7993e3f3e1009cc06faaa01240ff3d7f542acc4f8a027eb925a58de

Files

e6d3ebd2d7993e3f3e1009cc06faaa01240ff3d7f542acc4f8a027eb925a58de
.exe windows:5 windows x86 arch:x86

cb7a970993fc195da7c6300a2b42127d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetClipboardData

gdi32

TextOutA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA

advapi32

RegisterEventSourceA

shell32

ShellExecuteA

comctl32

ImageList_Destroy

oledlg

ord8

ole32

OleFlushClipboard

olepro32

ord253

oleaut32

VariantCopy

wsock32

__WSAFDIsSet

wininet

InternetSetOptionExA

setupapi

SetupDiDestroyDeviceInfoList

hid

HidD_GetAttributes

cfgmgr32

CM_Get_Parent

Sections

.text
Size: - Virtual size: 795KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 13.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 14.6MB - Virtual size: 14.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb7a970993fc195da7c6300a2b42127d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wsock32

wininet

setupapi

hid

cfgmgr32

Sections

.text Size: - Virtual size: 795KB

.rdata Size: - Virtual size: 207KB

.data Size: - Virtual size: 141KB

.vmp0 Size: - Virtual size: 13.0MB

.vmp1 Size: 14.6MB - Virtual size: 14.6MB

.rsrc Size: 368KB - Virtual size: 365KB

.text
Size: - Virtual size: 795KB

.rdata
Size: - Virtual size: 207KB

.data
Size: - Virtual size: 141KB

.vmp0
Size: - Virtual size: 13.0MB

.vmp1
Size: 14.6MB - Virtual size: 14.6MB

.rsrc
Size: 368KB - Virtual size: 365KB