dd247054dc036e6acea0c1b31237ccac33f6649dce333d2a5dfe75e3a7aa1043

General

Target

dd247054dc036e6acea0c1b31237ccac33f6649dce333d2a5dfe75e3a7aa1043
Size

407KB
MD5

721f1d160457a694f9c6201a0941be3d
SHA1

80c2f06d4cf7d43e71e87fa30e5171a5108d5913
SHA256

dd247054dc036e6acea0c1b31237ccac33f6649dce333d2a5dfe75e3a7aa1043
SHA512

ad2ecac151cad86d5cbdc98b12f11df5439b8710af1dbfd157caee5399545a3c04627d9ee0fa6d38fbf697d6d6a64bebe189ceb06ec05877b995ce0039e68686
SSDEEP

6144:ZaTVe/eVXJaoQuqCcuKRrRUcAKoR/i/Cg0DgUBLpq5kYe/mlT4ziGrrkm6:ZaZQOXJaGqNXAlR6//qLprjxrrA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd247054dc036e6acea0c1b31237ccac33f6649dce333d2a5dfe75e3a7aa1043

Files

dd247054dc036e6acea0c1b31237ccac33f6649dce333d2a5dfe75e3a7aa1043
.exe windows:5 windows x86 arch:x86

11e13e33c17d1a3826259f0d9b2d293c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFindAtomA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

WinHelpA

gdi32

ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

RegQueryValueExA

shlwapi

PathFindFileNameA

oledlg

ord8

ole32

OleFlushClipboard

oleaut32

VariantChangeType

imm32

ImmInstallIMEA

Sections

.text
Size: - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

11e13e33c17d1a3826259f0d9b2d293c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

imm32

Sections

.text Size: - Virtual size: 227KB

.rdata Size: - Virtual size: 63KB

.data Size: - Virtual size: 26KB

.rsrc Size: 25KB - Virtual size: 36KB

.vmp0 Size: - Virtual size: 181KB

.vmp1 Size: 380KB - Virtual size: 380KB

.text
Size: - Virtual size: 227KB

.rdata
Size: - Virtual size: 63KB

.data
Size: - Virtual size: 26KB

.rsrc
Size: 25KB - Virtual size: 36KB

.vmp0
Size: - Virtual size: 181KB

.vmp1
Size: 380KB - Virtual size: 380KB