ada67f7ccbaf8bbc905f8ba19a1e77412710d28575b1cbb08b4b06ea88ba834c

Sharing

Copy URL Twitter E-mail

General

Target

ada67f7ccbaf8bbc905f8ba19a1e77412710d28575b1cbb08b4b06ea88ba834c
Size

1.8MB
MD5

bde91af0fc28e3bd3510f63a239d7767
SHA1

923663568021530a340c06d59acb61001e3dcdc7
SHA256

ada67f7ccbaf8bbc905f8ba19a1e77412710d28575b1cbb08b4b06ea88ba834c
SHA512

11645881b53e941cf4c9845d1905c87d61c231d791ff41931438746867997239d6a9c3ef9d77bff665a366645cb03bf633ca0b5a31b6975008c4312d14f275e7
SSDEEP

49152:fyjTi9L9BjTWJ9Tif5t04EiMWq1NW+WuY1Qrp/3eNG:fyjI/WJif5tJEB1NW+WJ1CUNG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ada67f7ccbaf8bbc905f8ba19a1e77412710d28575b1cbb08b4b06ea88ba834c

Files

ada67f7ccbaf8bbc905f8ba19a1e77412710d28575b1cbb08b4b06ea88ba834c
.exe windows:6 windows x86 arch:x86

b8d731033e59d667a3a5717d9ab10474

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MonitorFromWindow

gdi32

GetDeviceCaps

shell32

ShellExecuteW

ole32

CLSIDFromString

oleaut32

SafeArrayCreate

comctl32

ImageList_Destroy

gdiplus

GdipAlloc

ws2_32

WSACleanup

vcruntime140

memset

api-ms-win-crt-string-l1-1-0

isprint

api-ms-win-crt-runtime-l1-1-0

_controlfp_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-stdio-l1-1-0

_wfopen

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

��o��]��&��PI��, U�p��~ߡ"z��.��,�(��׳��I��[�|sL��b��h91��`�xb�58�y��440ӕ�;Wv�=��75+��c�8!QE^8�p��u��qh\�~��g�0mmѶ0�4T��,P�F�ly��d��j�jV�T:��s�Q��:9�=6 G¹�C��+"��̵BD��%��XF�a� ��]�M�F��i9ݤ�v�~�|/.�l�@�<��c5�<./k��*��k&G��Ɇ�_y�a��=£�W�F�Z;�ؖ��i�<�_DN�� 5��*.v,߀�� vᆺ�>-ě1I�,:ŴqjR��K��)�� |��jEc)~]/^]��k�9��B �(��{��W��W"��%D�D�-��9 ��ɎA��9��0�<�Lm��!�9��J0�$��`�% s.+@��Bw-Bc6��? ȕF��-Zf#��o��ف��7�W�:��%��5�� `$ �<7[�ʲ-�_�% G1R��uP ��T{��g��'߹% ��qi�\K��u�K�u��ߊ-\g��ͻ�:J��*�,��2��SN2��$pg,CgW�!=`�cTw�#F<�r\sj�(�=f /��ز�#�MؠJݟխ=\�� >6��2E�3��V6�J��GZ�S�#��,��J)�8�R�1�]�^�5�)+i~r��l��1��F5��Y ��*�N�x�:��,�C+V��^(A��H�H�'8#��+�Ú�YV'��q�3�u��QE��T�;m��6Q��SD��?�ۢLs�.&5�%r�K�5��U}G�u��W�7ߥ��Ӌ��)�%f�<��3�QK%��p_V�\;��݇��/��$�)�� X��WBᡨvU�k�L��^��k")�d��,�h7^NKc'�v��bqs��Yp~G�e?�v�$� ��<��6��g��$�+6��<m.i Z��Sb�v�� C�@[�bV��'��f�D��[�R��-��+�qC��rz�My"�MJ��yDqT��h<��ҡū��Ώc�f�V�z��!G�P��ڧ22�rM,& �� ɧ��2]��H^�Y7�m��u��t̯��f��ZAG&g^��aŽ��#׎�x:��c�Z�y��D-a��>]W�>n�R�߾"��m7�6Q R8��ٶ�c�bE�<�G�.�Ψ/�+ <��h�ᣢ?��0~��=�b�0*�A��ă[篛;Ֆ�}(&P@P��Kt��-}�ܘb�Η]�;k��y�sF��6��_'f��堜&#�Є2m/�|s��� 9��湽�A/=�|��gݡ��H�|� &�uR*��o�<��,�D֬P!U�ղB��&�V�:��^x�T�B�8XC�ŧi� �5�q罅N��ou�ϝ�k�*�F�un�lD�C� ��K9�cC�� :{mbm�Yi4Ny�G�B wT9�/U��d�T3$��j%W�e��h�S�5��aZ� ��0� �A��J*0��!�� a ��C��ն(n��V��ˮм��U��p&n�QP�� DX�=\�ҾdgV=��z��V�h��^ �05}��)��̑Jw�XT�q�=AU�o��H �;�[�gU�;G��M7�˺�F�_�ҌE�D��:)Z �sj_�@Y�3B��o �rG$�a�>X �8]��E�D��9�!6�<��k��!�M�J�G�Ɵv��~���Õ�ÿ �K��0g2�y��a�=�Zm��rtd��S��A�q��I��߆��'R�h)�;��v_P6ɂ!�(k�ȳ�|gB��.ߨ�*7��Z��@�� a��2��k�Ta�9@٪-ӻ�D�]��͝��x՛��DF�@{�[�/XW��դ�]�[scYW��6I�O��e:�#�cO�%3�i�43�{��6(��e�|�,��U��/��C�E�*Ś�=:��(��]�8S�L�5�iI��R��}�x�|W&��XmXy�u��>k\��=o��2��q�.Nk|E q�z�ǡ�&TiP_hN۪^?�3��M��K�3��b�@ �!�y9܅�S:��6��[�d<��p��ߚE�)t��n��֋� ��q��(�D`��~�� PFTI�=��J )W�t�)��Y撔�"&�� +�(�F��M^}])�p��y��[�Y\e4B{��?@��Wb�-ٔ��(�M��z>|��h �46&��x��Qh� �M︷��y��ay�>�%� ��_��B`1u�`>��v�x��6Q�Ak�>��K|��2�]1�*r@�#��׶��Y��f$�H0��c��7> $��y�{n�[9 ��{^W�8`�0g�Re��r�u`k@ǒ?E�ZƂ��Gی��+�L*5�Q��<��[o6��H�H��!l��R��h��叐��1��N��q-�T��ހ��֞�?m�ㄥ��Ww+�x>I�m��@xx��@��|æ��~=��z�{G�r�A��蕪�$m��n*�Oj�yGZ$�[|��ÈP��2�G2Q�7�2$��o!��W��y��k͕��9b: X�t��r:+o�Q��)<�$�Wbzo��p�ȩ��R��K�R�ԇ&�ү�v�^��vl��H�f�2$3��`|?�#]��3_�8@��?��K�Q��0i��b|�*In1ǯy*>榔'ߝ.�6�}� OXIP��tpe�*P+)��|� S��zCw�8X>t�Yx_~�/�-��g��ۖ�ݨ7G)��w�I�o�W[�j��$D�E4�M�7��L��թ愝�

Sections

.text
Size: - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8d731033e59d667a3a5717d9ab10474

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

comctl32

gdiplus

ws2_32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 135KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: - Virtual size: 3KB

.vmp0 Size: - Virtual size: 1.6MB

.vmp1 Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 512B - Virtual size: 332B

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: - Virtual size: 135KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 1.6MB

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 512B - Virtual size: 332B

.rsrc
Size: 11KB - Virtual size: 10KB