0cc55bdf537dde82f3fcc96518b7ab21e36d19edc5d6bfbc0b204d64e3b540f1

Sharing

Copy URL

Twitter E-mail

General

Target

0cc55bdf537dde82f3fcc96518b7ab21e36d19edc5d6bfbc0b204d64e3b540f1
Size

5.7MB
MD5

1e3bd3f23eb294c02a88a93c4e00df15
SHA1

ac143cfd8fd87b2b07ec3a75483f0d63696f2385
SHA256

0cc55bdf537dde82f3fcc96518b7ab21e36d19edc5d6bfbc0b204d64e3b540f1
SHA512

f588bb84e904bc9794ce31cfce8f08d1317f6a606ee4684524800e8c83b584dc74c3aa3a2780ec5bfb8de1642cb7f6fc27dd8138889f4fba4847e9145ce918c6
SSDEEP

98304:AzldZ9pnU+yWbDYQsnkveSb6oZjUDt0BkVlXfsv9Wwn0Z+2/RxgdqYV2w:AdPpUaYNmeSb7Fst0Bsp0vEw0s2/uUw

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

0cc55bdf537dde82f3fcc96518b7ab21e36d19edc5d6bfbc0b204d64e3b540f1

resource	yara_rule
sample	vmprotect

resource
0cc55bdf537dde82f3fcc96518b7ab21e36d19edc5d6bfbc0b204d64e3b540f1

Files

0cc55bdf537dde82f3fcc96518b7ab21e36d19edc5d6bfbc0b204d64e3b540f1
.exe windows:5 windows x86 arch:x86

ddab4601b12488a00884b0f044f212b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

winmm

midiStreamRestart

ws2_32

WSAAsyncSelect

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

kernel32

GetVersionExA
GetVersion
lstrcmpiA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ScreenToClient

gdi32

PathToRegion

winspool.drv

OpenPrinterA

comdlg32

GetFileTitleA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

LoadTypeLi

comctl32

ord17

wininet

FindNextUrlCacheEntryA

Exports

Exports

_�u��$>.r��e�'��!Fa��8� ��uC-"��ƻک�4��j�OR�X�lMl�L.V�hFN^ ��sM� �g��!��2=wB�僸�R��&[Ϳ:[��f�}Pl�DR�K�@y��3��Pj�+Ny��W��xAy=dL�f�\�� R�LNoe'�Qх��D'?8�!ol2��２q�ͦxx��]�/�wl��><��`��H#ȗ�㱐Uz��l��*��`(��q(�٩)��>{\_�u��Q�V��I�g�5H{�1N{�7o��}�w�оI� Y{6]��:)7��K'L�/�;��K>�f�� Qa��pFW�8�3j�$��DGZ��ɵ� ��,K̋��F$�S��{��]3l��rA��Ъ�^�aNǿT#�̌��,�Y�IO��)g�0��1KA�ch��%� ouA>`��*J,��0��qv%�@xj`�c��>�P��s��t�CY1��@�Y� z�ǧ��a ʨ!�S�:W��`1\�G��NKZUt ��l�t��+_Ӊ�J#hZ!�նEv1�!�vx�U3��M~!�Y��ڮB�i%��;��Ō��Ɵ�4�S53k�{��u3s�$��C��r�EISs9Q7�Y+��jw��[8��{�>]/��I't��{�7U@00*[��b��]�F}C�#Vm6��x}v� 老�X�(��=�^�Q׶ ��t�\�M�Rm,��Z|Grm�l�q��8�1��U�C�~Klr*��JP�:7��ª��I7/ɑ<�~��̷h�̟��Ijb4H70KC$ne&�Jx��9_�D�BZ��k��$b�$��ӌB`��F��R�>��3�K��"Q��Ev�o��|��D��i ��ҿ��R�5��PR�W�.�+� �[7��kP�7��T��Ԓ��/^"}!b~� �ؒf��.� 5�X�R�� {��F��]+��F~� �1P��ɠ��K��0b�[��EsQ��kZ�T��*�7,��o��ݽ��sgB(�>J�7��;��<I��z��<ߴ1�� E�dϱj��;SB(��I��/�>w�q\yi�\=� @x6!_Ζ�׿7)ǐ�e�y%2��`cJ-��nX\�K�)LVA��YD&�@s��]��o��4s1��XMA�TfGֆ�i=�,\��5��ȝ��L;��y��Ҽ"�P&�Z��*y��w/��}�9&x�$�)��ϔE)� �@rǝ�c�Q�Z�Y��[{uK��׋8�JT'��d$�m?ka��s�U]��ye�/��Uۻ��o��d ��y�𑙙c��/F��<��,�}GjZ.��e!��.�7�n� ��ŉ��WxDw`�Е�"C��;��E��P��a�7��N�}��7�u�� \\@��c�q�y:A?�vΊ��J��7�X��*�c�J�izCDkZ��,f7��ni�Mx�q��g��A��Bp�8��4��xsj��4�LP/SJR �� S��Y|��F��Tx�B�<��B��d�w��ڄ��o��M'�� ^�p�pߙ��| SF��6x"��*��4��@��k-Bw/Lo�~��,G��r/��{;��Nm$g�B�E5�R" �,�TE��}d0PTE��:�TS0!U �'��ݴ��(�eT�?��vť*V�U�mè��e X�� v�"~��$��=�"K�>��[IK=��\'�h7r�˛�~��cV3"��HIW��Pq�~�� k��E�� !��ܘb��bU'�.�/3]�I~"4�w�.��/La��rr�V��8Q�<ķ��9��+��`trq�[��VΔW��ī�7�G�H��so��X��~��`8;_6�{@� tTu��1��#��f�[��8ZҢ SA��iʍ �d�W~u��dh�9�ᡶ�Wϛ�!=�Q�+8��cJ�<�X 48:��od#��\5�^q�{�]!��#yj��<?��kQ��A�Qò�Re'd)��"�H��6��Ȗ��]� �^�U*�'+i͕_�X��V ��&,��U��vC��`^�j��r��;�`�<��m'$\��L+ߠ��PEWW��v�׋<��hj��)&�p�+l��j��g�-�d.�0RH�.Ϡ�n�֒s�� ^P��!@4i(8�vn�e7��d��Lh;�ONxY� �U�� a��N1�qe��vS�SԐ)U=�c7��{��ˁD�"�@�U��W c;*��*HKgm'�c�}��Ua��5 �*�'ρ�5܏-�n��5Y�'WX��ݑs�!V"��e�~�Ӟ��S�gԷt��|['۟2�"u�� F��X�Ƚ+�e�B�,�e��ů��nLO~� q��0X��ip5��c5 �J ^�.�&$r��5�K��0RB �O4�f��[U��).d��[�R�|W9B&��M��L2�'2q�� S�4#��hv�j/�V+�{݆�2>��N�U��U<��:��qP:��!܇��}�!^�7 ��.2�/�$�4�vR[��[��c��7[��ݙ'��`��Z�t�BW3wc�N�B�:�r9ű]A�Cw|J;O�\k5T;X��pErO3]�f�� Z �uʭ#wN>��QJ6��i��e��[�:��vWE�4��-��ܐ�7�3 J*�Z[�>�@&$up�@��B0V�R�� VԲ��#�?"㮠R��G��+ͽ`)��c�I�w�V-��we�I��:��N��3)�~tN��K�ANgө��V�"�ZT�eB~��0hw��p�?��S�`!!�A{��x��u!��i(��4��at�\�s��&{�

Sections

.text
Size: - Virtual size: 816KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddab4601b12488a00884b0f044f212b3

Headers

File Characteristics

Imports

iphlpapi

winmm

ws2_32

msvfw32

avifil32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 816KB

.rdata Size: - Virtual size: 3.3MB

.data Size: - Virtual size: 352KB

.vmp0 Size: - Virtual size: 2.0MB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 5.6MB - Virtual size: 5.6MB

.rsrc Size: 76KB - Virtual size: 72KB

.text
Size: - Virtual size: 816KB

.rdata
Size: - Virtual size: 3.3MB

.data
Size: - Virtual size: 352KB

.vmp0
Size: - Virtual size: 2.0MB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

.rsrc
Size: 76KB - Virtual size: 72KB