3797b528e6dea9f3e5f85357d639511ea10ebb3e064bb2dc374d9e7b71cbdd79 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3797b528e6dea9f3e5f85357d639511ea10ebb3e064bb2dc374d9e7b71cbdd79
Size

216KB
MD5

4360619606c2ad837731d61432a12861
SHA1

5786213a06ed190e78e13f3cf0a094e19c73aff9
SHA256

3797b528e6dea9f3e5f85357d639511ea10ebb3e064bb2dc374d9e7b71cbdd79
SHA512

785f8050845d3eafe5bf616f352c4af6b1450ac9f0af15634e72e013c2e710c3a615b7823ef547240a4bb20ccca9ef9a84487bf56ffc15210af516538afd4803
SSDEEP

6144:AI9EQ7Jy5SntIXM0RLM90FYvel8llE5dhKKIlgw4HG:AxQ7K8tIpRLWYYGl8/E5dhK7lgwmG

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

3797b528e6dea9f3e5f85357d639511ea10ebb3e064bb2dc374d9e7b71cbdd79
.exe windows x86

9cb25f0b5e7e72348a4b0af8de3ca1f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey

kernel32

CloseHandle
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ