43375c6d8f5a09ed7c87156800daee6f2b8a6334a1534b7d967c0992ef30d0db | Triage

Sharing

General

Target

43375c6d8f5a09ed7c87156800daee6f2b8a6334a1534b7d967c0992ef30d0db
Size

712KB
MD5

030d1cc4662cad75791e71a5d139bf39
SHA1

b3b95fe13fcffc4f1f04b246468d3a70d2338919
SHA256

43375c6d8f5a09ed7c87156800daee6f2b8a6334a1534b7d967c0992ef30d0db
SHA512

0736b16ee59b44f9c6950a490fdae9f8aa92678cd9fef7594d6caf8c2343125b00be8527424e5949ff5336827e865b216f2a5fb92ec30d0928e867a302e8fa58
SSDEEP

12288:GJ3KTkMM6k2V4R/s567neUjAN7qCaa8s2p1LUcd9bTbCLG8KP7ltPz3De7NmFMDe:A3XMY2WJs6EN7x12p1LRd9bTf8KTPPG+

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

43375c6d8f5a09ed7c87156800daee6f2b8a6334a1534b7d967c0992ef30d0db
.exe windows x86

e624870a594abc6704197f7f3e3c5bab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetVersion
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfLowerIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 710KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ