7e0e28fa326fde75a471809a3c2c1d1891684411c79f59e2c5c0b97b3178ec21 | Triage

Sharing

General

Target

7e0e28fa326fde75a471809a3c2c1d1891684411c79f59e2c5c0b97b3178ec21
Size

252KB
MD5

02f5c14b36e0db76832855b7b8850f70
SHA1

704ef9b7a7ca2eab00f8ebefe65e227d2fd139a5
SHA256

7e0e28fa326fde75a471809a3c2c1d1891684411c79f59e2c5c0b97b3178ec21
SHA512

bbfc618e4d48a033fd4868640d7ebbd6b4a9d1aec3cfd2cd887aaac488bb1304b4ac83956d88e65e8c304f901454740373eb8fcbdf39386390b45db6045f8351
SSDEEP

6144:Rllfe4ccDnJ820n2a+4J/gO06yklh7C2uEU3jq+vhctiviBsBa:J2Sy2Ta3JIiDBuBTtZnva

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

7e0e28fa326fde75a471809a3c2c1d1891684411c79f59e2c5c0b97b3178ec21
.dll windows x86

7979b7404a3f37d97511a29e3813f5e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersionExA
GetVersion
GetFullPathNameA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

advapi32

RegCloseKey

oleaut32

SafeArrayGetUBound

Sections

CODE
Size: - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ