386e23ec5e38c484f0b546b78e2480fc589f74f2233f3bcee060796f87f492d8

General

Target

386e23ec5e38c484f0b546b78e2480fc589f74f2233f3bcee060796f87f492d8
Size

271KB
MD5

a49c43b4d6b5610e0719a3947b9ecf8f
SHA1

392883730fb2e9146a565a298d980632bde30650
SHA256

386e23ec5e38c484f0b546b78e2480fc589f74f2233f3bcee060796f87f492d8
SHA512

3d9680fa03a1fee9e64904f4108517a8de3e37976490b04bc717ea1e5b23cfec89ab3fe295e61e24b6617a5a5b15564ffb598785b32828c89f1b3e92e5f525f0

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
sample	vmprotect

Files

386e23ec5e38c484f0b546b78e2480fc589f74f2233f3bcee060796f87f492d8
.dll windows x86

905b423d4bc4fb8281a4ef9fa259a87a

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

advapi32

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

shlwapi

StrStrIA

Exports

Exports

Run

Sections

.text
Size: - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

905b423d4bc4fb8281a4ef9fa259a87a

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: - Virtual size: 200KB

.rdata Size: - Virtual size: 66KB

.data Size: - Virtual size: 6KB

.gfids Size: - Virtual size: 244B

.vmp0 Size: - Virtual size: 304KB

.vmp1 Size: 269KB - Virtual size: 268KB

.reloc Size: 512B - Virtual size: 176B

.rsrc Size: 1024B - Virtual size: 165KB

.text
Size: - Virtual size: 200KB

.rdata
Size: - Virtual size: 66KB

.data
Size: - Virtual size: 6KB

.gfids
Size: - Virtual size: 244B

.vmp0
Size: - Virtual size: 304KB

.vmp1
Size: 269KB - Virtual size: 268KB

.reloc
Size: 512B - Virtual size: 176B

.rsrc
Size: 1024B - Virtual size: 165KB