4aff5d1ee203889abf5bcd54a6d28814edd79803d21946810d3ef684b22ba2f7

Sharing

Copy URL Twitter E-mail

General

Target

4aff5d1ee203889abf5bcd54a6d28814edd79803d21946810d3ef684b22ba2f7
Size

171KB
MD5

aef70342ab9b1b41b685daf81affa5e0
SHA1

5bc0052bee1741c044b78294fe7882299323c3d5
SHA256

4aff5d1ee203889abf5bcd54a6d28814edd79803d21946810d3ef684b22ba2f7
SHA512

3622b31e40c3719097fd83379702cd0f94368c1139c2a3242875fd14cb88f00647914a74418ead893f363d4438f51490e583490492d0710b7919ef8d06b65bc9
SSDEEP

3072:Yw2aeh9q3/H1yPAUIlGEuIWwtaTqzKp5Rf0vVeEVdF34pO7jwbYaLSTM3K2c9GiL:b25E/mzwtMqep5J0vVeEVdu8nba+AJqH

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4aff5d1ee203889abf5bcd54a6d28814edd79803d21946810d3ef684b22ba2f7

Files

4aff5d1ee203889abf5bcd54a6d28814edd79803d21946810d3ef684b22ba2f7
.exe windows:4 windows x86 arch:x86

f11c6618fab9b37e166e2b6b2ae2e17a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegQueryValueExA

Exports

Exports

��!�ͳi��҄�h�S�Pi��oս�A �P��ܣO<��_tdf��X=�YjkGayL��d��)��Wn��x�Tgo��Jҵ�}� 9_Qe��k'��e([�S�VWo 䞾��x;�� #h��PO$Sly��9W��p�&��i ո��~*��*��_��S�R�X'�e~.�m07SV��&�:��֠Ma�.�M+\Hv�k�ݙx��k��n�b�"��f��޺-�s�{�q?�&��yɅ�i��71��^�P�m� -�RآImʴ �Q�J�U`dP`�j�h�%�V�U��X�D��X�.��L�D<O)�ԡ�1 Q��z�K��쎇|��aP��ah,��(.�GY�nӥM��ҝ��Ƣ*C�`��j��Jm��tɘ�p�R0/4�Q��9��O�F?ʮrE��ʟ;�I[C��<+u��=��t�Q��@�"-�^Ľ.��$�C]I�P��"��<�T�+�%cq��s ŵ�\�W M�QD֔��>Q��I��~��M��|ba,0�vX�q� `s�3��J��<�9��D"��V�n��7'飣>7��{�� vv޶r`�jZYN�BPd�a!|�6��+��]wI0�{��,�g��!��N��w�` z!Wc�gr�{�L�9}�>��\�]��ѵ�܊�c��we#x��q��&�]m�3m7��eS�M�3�7qC=��[d��`�!�`^��/��Sv�s��a2��z��B��\�O.#�a^��VOE$��F��3 �Υ�͸퍡��VW^�+�"Q��m��J��ibs��5mQ|J��[o��}uX��c��Ih�MA9��Č'L)Ŕi�+��h,=[��ā�579bЍ��3B��&U�)��R@W��2��XR�=��v��X�8.E�H��p��e-D��8+W �$O��l�̯��Z��40��Q��5��0��3�]��| �*��j��ߑ��a.)��C�&��휋�[��]��{�30��d��I@�"}�w��M��/˽�u��f��?��x��߯��M��h��HU�uڮ��]@ˢ��?� \�zk�H�o)��?��Lg6s0Y���%�3��e�45�<��<�妕�$�q'��r�e�M��V��=�Y�g��-�%͙�D8$Mi�Q��Fנ�(%��r>Z_��>}��(�u�ʦ@�УR� �z��i��5�G53ۦ�̊5�O��b:��O��l��n�{8�G�Ж�90�B;�Q> >�"��S ��n>unjK�|JW|�Ӑ��Dqn��&�N�\1S�_W�TLﮱ�q��Q��J��t��8�ߕa+�dQ��<��a�n�"��}i�?�v�x��}Ÿfm�@S�O�l.�k,�p��0V6> 6��Hv�c�%��FK>N�B�l�psLzP}�$��HX�� NO5�u�'st�%�5#^��S}�ўy��Ѓ��bG �-O��)^S��˕�3P~��V�wz!�zR� '�5�Z�e�=�i�<ʽ7�*8|:�݌ ��^�."�ݙq%z� "��Zc�I*�3�z��Y��ya�rf�,��V�pD��S��JlW��pHL+�shUM�y�9��,c�F��@�/w\1�4�M��"A&�pD�b�"H䴫%��}6��sa��9/�B.0�?�t]��a�/3<�f�垌Δ��7��@��ܣ��ѐY�DS[�{��:��gF�JT��|��v��܆��h��B��)V,��i��6��ύ%��e�W��j��BpvF�cAM-��.Bj��{n/��`�6�܀��[y!�Y(�Uc�\�\lQ��.�(�&Hƃ�%ɷ�b��.��3@�$��&�:eIx�cL<�-dl�D��hM�z�� ;��H�_l4Q��ĭ�h7��xh�B\��~vN��M�F!��3��\�V{UU ��B�3B�fD�?�$��s�o�Kd��X�p<5PW��"2� � }��r��+t?B�؃��İ��;;�@y[�-��cv�SR��(d� ��G��@�7�o�&L2��]]�D��2�'�FpV|yZ��P�+/?��и�m��p��mhRx�]b��/ߪ�ߙ\fw�ߩx��J,��#��;G�q�2��i�/ȥ��&�ލ��M�Ty��UhS��Q3A��(��ۋlN�˰��am��ǰX�{��Զ�w�Ao��g��D��s��\�Q� 1��!b7,��$`J�vU]x��C��t j?i��Kb��&��iՑ��qC�C<��z��&� �, J|��2�9�F�c+��i��3;��>��B��"�0�op��~�<�)��fwnD�G��Qi�!LY��Q��]� ��p��̰`��M�قY:q��͜��Q��Fv��~}�Xє�=ܑ��d�sɢ�^I��]=��1�.�I��&�ˎ%�e_τ�'��Hg*��7��'U� ��z�ce�mqC��H(�̰�.@T��(��k��2YG��F3��!t66XwM��t.m-Zm�8��N�/=�@��Y~�W^JKj'$��F�,�fź��V>>L�ƛZ*��^��Юxd�5�>�K�8��F��0�Z@�Ĝ[�%�4b�{��fǀE�ݬ��H�):"��2��>��,�� I�)�&h%q�9�s^��i�v*�'*�� D�͐��(��[��a��)j��s��;4JH��,[�)A��ﾑ��SNg� ��dߤ�r�>��3��$�*�MĔ��V^@P��j��r��d��r<�G"�#�0׏(V@�)�W�H�M[uVG芞�C��Uo�,�>�

Sections

.text
Size: - Virtual size: 556B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f11c6618fab9b37e166e2b6b2ae2e17a

Headers

File Characteristics

Imports

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 556B

.rdata Size: - Virtual size: 404B

.data Size: - Virtual size: 481KB

.rsrc Size: 3KB - Virtual size: 2KB

.vmp0 Size: - Virtual size: 27KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 167KB - Virtual size: 166KB

.text
Size: - Virtual size: 556B

.rdata
Size: - Virtual size: 404B

.data
Size: - Virtual size: 481KB

.rsrc
Size: 3KB - Virtual size: 2KB

.vmp0
Size: - Virtual size: 27KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 167KB - Virtual size: 166KB