5e380a2efb5841356c25460a917d0799cf934710fadf186923d3ec46de65793a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e380a2efb5841356c25460a917d0799cf934710fadf186923d3ec46de65793a
Size

1000KB
MD5

60d7ae449b93366e468e9409385d1d10
SHA1

904d95403855f18b958ef8accc8707d0cb947e98
SHA256

5e380a2efb5841356c25460a917d0799cf934710fadf186923d3ec46de65793a
SHA512

0bc29acb66fb7d7002f289f5023725d3ae70453d9e6bcca2d261fa6222537439cbb53c529866c6c3cf4add3c304ec6f2ad50dc406b10e06b3ddd87dd68550d55
SSDEEP

24576:bHfeBx4zrJ+vMz7Jw9OjEQZhv2t4woNz4UJFw8SbBfIz:724zYvwmvkO4woeUJFw8Sb5Iz

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

5e380a2efb5841356c25460a917d0799cf934710fadf186923d3ec46de65793a
.exe windows x86

efe83fc4f14c5dac5b124e6c4faaa2f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarLateMemSt

kernel32

GetCPInfo
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 976KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 988KB - Virtual size: 984KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ