ea699cb1c1c17b0e23e9311f13cc7cc956b4561433ab2f884885db7e2472654a

General

Target

ea699cb1c1c17b0e23e9311f13cc7cc956b4561433ab2f884885db7e2472654a
Size

840KB
MD5

4ed34f731afb121409605b3b84ee97b2
SHA1

c75930cae82f86257396372ed95f0ca3fb85fe4a
SHA256

ea699cb1c1c17b0e23e9311f13cc7cc956b4561433ab2f884885db7e2472654a
SHA512

6be774ca4b0aca8c1ec58d5c6c69dc38361eff7487ea98b7586b24c2ce4bcdf877fe21250254f90f66537c87bcf59edf5bb54ff7e320638935331c1e5fb61fc2
SSDEEP

24576:1z5IE72LxXgzQgC8iXn8m0hpwTe5Wm84SLnxjpaoilfF:FOLpmi8iXn8m4Rcm8L9jpxil

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea699cb1c1c17b0e23e9311f13cc7cc956b4561433ab2f884885db7e2472654a

Files

ea699cb1c1c17b0e23e9311f13cc7cc956b4561433ab2f884885db7e2472654a
.exe windows:4 windows x86 arch:x86

9344895c23090386f41df45fe4708efb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5875

msvcrt

isdigit

kernel32

GetModuleHandleA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetCursorPos
MessageBoxA

gdi32

ExtTextOutA

advapi32

RegCloseKey

shell32

ShellExecuteA

comctl32

ImageList_Add

ole32

CLSIDFromProgID

oleaut32

GetErrorInfo

Sections

.text
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 812KB - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9344895c23090386f41df45fe4708efb

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: - Virtual size: 216KB

.rdata Size: - Virtual size: 51KB

.data Size: - Virtual size: 1.2MB

.rsrc Size: 20KB - Virtual size: 22KB

.vmp0 Size: - Virtual size: 110KB

.vmp1 Size: 812KB - Virtual size: 811KB

.reloc Size: 4KB - Virtual size: 208B

.text
Size: - Virtual size: 216KB

.rdata
Size: - Virtual size: 51KB

.data
Size: - Virtual size: 1.2MB

.rsrc
Size: 20KB - Virtual size: 22KB

.vmp0
Size: - Virtual size: 110KB

.vmp1
Size: 812KB - Virtual size: 811KB

.reloc
Size: 4KB - Virtual size: 208B