64a10a812dc55d99c04d28f77b7944a0d161f880af5f6c8d273b9e7871299a98 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64a10a812dc55d99c04d28f77b7944a0d161f880af5f6c8d273b9e7871299a98
Size

696KB
MD5

77aa85c773bc7eb45cc7eaa50a212b3a
SHA1

8bdc8c9ec680128d142091ec4e3ca51147342583
SHA256

64a10a812dc55d99c04d28f77b7944a0d161f880af5f6c8d273b9e7871299a98
SHA512

8fb330095959d6136f314d32158b12d102bb294c4b0e8d7957691cd9c31b52d7a125405dd98de9ca45ac38ec4938c6705d799bbecc2649528ee9d8a63036293a
SSDEEP

12288:z9sEqUEHhyRHJRG12dqNt0x+0PldUe77u9Bo0amodeq8aVX17tEU/GBG36A7vbHb:zSUEHyNqNtcTddr77+o0aFT8gX17qUuI

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

64a10a812dc55d99c04d28f77b7944a0d161f880af5f6c8d273b9e7871299a98
.exe windows x86

f02029decc4e97de8ed4d338ab9f5658

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfLowerIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 695KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ