bfd1cba44220fb3b5897080805692a67ad4afef0886091307ac426553df37806 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfd1cba44220fb3b5897080805692a67ad4afef0886091307ac426553df37806
Size

999KB
MD5

650c2659a5c60c385ec6ab7ed60d2d20
SHA1

623190a257405145d2ac5cc4061ab430fedfdbc1
SHA256

bfd1cba44220fb3b5897080805692a67ad4afef0886091307ac426553df37806
SHA512

817b734d72e78e178cbcc4be66aeb8c88b17cbb37418ec5d907b2e3b7ac63a04347c752b26fb0edb45fdd68a8144703b7edc7921bc99b49be673ba5f067a3e8e
SSDEEP

24576:A3wy+p4yZXv+AUfE8PuiA9BoxiGA0fqX0J7j:0+CyZXv+LffG/q7A0yX0J

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

bfd1cba44220fb3b5897080805692a67ad4afef0886091307ac426553df37806
.exe windows x86

d5f7a5d0266a94d9dc776938288a21ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoVolumeDeviceToDosName
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfAcquireSpinLock
HalMakeBeep

Sections

.text
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 873KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 998KB - Virtual size: 997KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ