5c667581c31889f1c00520fb802f1455476c0f73456f6ac31f34d48b7a585083 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c667581c31889f1c00520fb802f1455476c0f73456f6ac31f34d48b7a585083
Size

69KB
MD5

6f0998a4792150485b978fb2808bf576
SHA1

91236876eed305ca24f1757783111070d53ea39f
SHA256

5c667581c31889f1c00520fb802f1455476c0f73456f6ac31f34d48b7a585083
SHA512

d0b3a79092b7214fc7a6c8976691c46f01f6b13d7088b5238bebbf0b4a1b4781610816fa158eb6b7cd0dad71d56f864491a9f8d4b478e27c3d80543568180308
SSDEEP

1536:igwVj2irk/ZDj1E2hfTyCyWbrlnKT/Y/CWmZkkdkBUL:YVj2irkbEqTfTbX/ekku

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

5c667581c31889f1c00520fb802f1455476c0f73456f6ac31f34d48b7a585083
.exe windows x86

0b0be73ed07c8c2732f0a85e4b889085

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ