ef5aac5e5c92c1485b183d5bcd5975f69c5f2bba64a251625950a3a85700fc57

General

Target

ef5aac5e5c92c1485b183d5bcd5975f69c5f2bba64a251625950a3a85700fc57
Size

119KB
MD5

7149524a354ef19026599096de526cd0
SHA1

d19d73f987dcc53cce4690ab68c5b8ef8b2a7e65
SHA256

ef5aac5e5c92c1485b183d5bcd5975f69c5f2bba64a251625950a3a85700fc57
SHA512

513ad0f9c4ebbd630621ab981028564a4fe533f9ce9f90963bdaf4b6d4b318e7f46336d27530224b89904b878c425266dc324e6c44cd02a5317456c232395c20
SSDEEP

3072:cFMYP/ougChaFLpXPNJAcAE2FcRCXhxm1PYGmAwOeIB:Yu1mE2FcO7+AGmJOe

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

ef5aac5e5c92c1485b183d5bcd5975f69c5f2bba64a251625950a3a85700fc57
.exe windows x86

3ceb594ad7a106729f1faaf9d93aad0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExGetPreviousMode
MmGetSystemRoutineAddress
DbgBreakPointWithStatus
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
DbgBreakPoint
ZwQueryDirectoryFile
ZwDeleteFile
ZwCreateSection
ZwOpenFile
ZwQueryInformationFile
ZwDeleteKey
DbgPrint
KeInitializeSpinLock
ExFreePoolWithTag
_wcsnicmp
ZwReadFile
KeDetachProcess
ObQueryNameString
ZwQueryValueKey
IoGetCurrentProcess
ObReferenceObjectByHandle
KeAttachProcess
ZwOpenProcess
KeServiceDescriptorTable
ZwQueryInformationProcess
PsGetCurrentProcessId
MmIsAddressValid
ObfDereferenceObject
ZwOpenKey
ZwSetValueKey
ExAllocatePoolWithTag
ZwWriteFile
ZwClose
IoCreateFile
RtlInitUnicodeString
_except_handler3

hal

KeGetCurrentIrql
KfRaiseIrql
KfReleaseSpinLock
KfAcquireSpinLock
KfLowerIrql

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ceb594ad7a106729f1faaf9d93aad0c

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 88KB - Virtual size: 87KB

INIT Size: 1KB - Virtual size: 1KB

.vmp0 Size: 1024B - Virtual size: 796B

.vmp1 Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 480B

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 88KB - Virtual size: 87KB

INIT
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 1024B - Virtual size: 796B

.vmp1
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 480B