b4797f26a4fdc5f3377b3e08fd08b04211c272fc99353593329839c4d371fe59N

Sharing

Copy URL

Twitter E-mail

General

Target

b4797f26a4fdc5f3377b3e08fd08b04211c272fc99353593329839c4d371fe59N
Size

1.2MB
MD5

f7be3e7885e1cde8740936051b695b00
SHA1

4b2e9b617c5beaa42ee7aa9d75806ad14289a517
SHA256

b4797f26a4fdc5f3377b3e08fd08b04211c272fc99353593329839c4d371fe59
SHA512

db49dfe9670dd4272d1b2e0b0cf2e252e7d92dd7b367295e3dd9d964a0a7267c06d22ff385237fbfadd67621b794ad97d5c90065c9de78d67fe663d062f6fd06
SSDEEP

24576:CRRfDfqh6h3+ijz2BJ3K4upnHMTyy7XZaLA3lLRVboNpSAaitfiJdAXUOYGF5eu:arfd3AJ3eFT4XsLURFoTLamPUOYG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4797f26a4fdc5f3377b3e08fd08b04211c272fc99353593329839c4d371fe59N

Files

b4797f26a4fdc5f3377b3e08fd08b04211c272fc99353593329839c4d371fe59N
.exe windows:4 windows x86 arch:x86

9c4e78d454d608bf3a9801086663c111

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

winmm

midiOutReset

ws2_32

closesocket

kernel32

GetFileSize
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

wsprintfA
MessageBoxA

gdi32

PtVisible

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

StgCreateDocfileOnILockBytes

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

oledlg

ord8

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c4e78d454d608bf3a9801086663c111

Headers

File Characteristics

Imports

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 532KB

.rdata Size: - Virtual size: 1.9MB

.data Size: - Virtual size: 309KB

.rsrc Size: 72KB - Virtual size: 85KB

.vmp0 Size: - Virtual size: 135KB

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 4KB - Virtual size: 124B

.text
Size: - Virtual size: 532KB

.rdata
Size: - Virtual size: 1.9MB

.data
Size: - Virtual size: 309KB

.rsrc
Size: 72KB - Virtual size: 85KB

.vmp0
Size: - Virtual size: 135KB

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 4KB - Virtual size: 124B