e3df5fb2e14807962dda5957930f4b0ef6c66cc879af4a1c54b8e4d265a9bb8f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e3df5fb2e14807962dda5957930f4b0ef6c66cc879af4a1c54b8e4d265a9bb8f
Size

631KB
MD5

47f19877233f0dab0f9a86c7226b5f39
SHA1

702467d684ba87c27ed5fe20c4bc07299894c61c
SHA256

e3df5fb2e14807962dda5957930f4b0ef6c66cc879af4a1c54b8e4d265a9bb8f
SHA512

5586d14b5f90375ffa7e08b3d039c3a17ccef505f79f186fe85f2dbf72f0f542c7e011e699963ae3611c641fc718b79386fce4014d1948f2525e2090b974c479
SSDEEP

12288:KWzn5gUQcBUEBNi3SAbLI0IZhEb3KHZbeVNsRVJc49U9b5BAg1pxtkT2:KWz5gUQcLBN6fYZh0aHZbl9UJAg1FkT2

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

e3df5fb2e14807962dda5957930f4b0ef6c66cc879af4a1c54b8e4d265a9bb8f
.exe windows x86

dbb8b6b384f910ab0544808c942511d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

wcslen
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfRaiseIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 912B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 630KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ