7412a093a92abf297f443c1374f78cc623401ff9b9e1ba4cdfeb30905cc9820b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7412a093a92abf297f443c1374f78cc623401ff9b9e1ba4cdfeb30905cc9820b
Size

766KB
MD5

71f999287ab007157a90ef0194410d3f
SHA1

9d7e041377ca29e76473d08e725dd9750a4d4d34
SHA256

7412a093a92abf297f443c1374f78cc623401ff9b9e1ba4cdfeb30905cc9820b
SHA512

8dad10bf137bbd651ebb7e15a7c753e6cac23782f27f3686edb05253f18b84d4d595e085d35935951e4049471e41e026f4064ff2b3302832a1581e95dbe98af1
SSDEEP

12288:gx3JVHqv7uwKh/5+dk23nKAaB+RN+bu3rCK/NSwPR8K8hhw60/Lh7npaeqJS0:gx54iwKhek2qB8N+bu3hb+K8hhv4Lhk4

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

7412a093a92abf297f443c1374f78cc623401ff9b9e1ba4cdfeb30905cc9820b
.exe windows x86

31b0c01ebf1f81bc18f19624ad33977e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeDpc
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

READ_PORT_UCHAR
HalMakeBeep

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 765KB - Virtual size: 764KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ