a08c15953cdf97976b2edd05e918403e57d7d650e0a5701de0304d2abe3127c7 | Triage

Sharing

General

Target

a08c15953cdf97976b2edd05e918403e57d7d650e0a5701de0304d2abe3127c7
Size

144KB
MD5

6d8b021af8e6442eab5e25ad354b3afb
SHA1

c75ae398fe34b0f312dc7ac07ac7c042a5a5a9bb
SHA256

a08c15953cdf97976b2edd05e918403e57d7d650e0a5701de0304d2abe3127c7
SHA512

a820f1fff103b86a547930f86e5f4665fdf70e798c0050ae6ac312c010dda9cfe4695417315c2be7be8b493c1e5e6ee4948108bb95fa6c11f2e43294b6310725
SSDEEP

3072:qP1HB3xCmxHuMMbE8Mvf3qA2VCLApovsHsCJHJTKxfFY:u1h3UmxHXMA8Mvf6A2PokH/pTKj

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

a08c15953cdf97976b2edd05e918403e57d7d650e0a5701de0304d2abe3127c7
.dll windows x86

26babf02058ce73e5325d7a4a874ba1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsFree
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ReleaseDC

gdi32

DeleteObject

advapi32

RegOpenKeyA

Sections

.text
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ