7c49620b753fdf540fd87378762ce4ef27023eb06c8b87438652022eb6e14fb1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7c49620b753fdf540fd87378762ce4ef27023eb06c8b87438652022eb6e14fb1
Size

707KB
MD5

6625145d5d84d6a885a99ada919e772c
SHA1

8bd950ed2f07602a16933ca21f81734ba932ddfc
SHA256

7c49620b753fdf540fd87378762ce4ef27023eb06c8b87438652022eb6e14fb1
SHA512

452b5d205a87f108f6398a7ac929e15ed9ee9a7c32e8e030ec006fe8858688bd65dfc78361ec9a1fab499dd5342d23ea8ddbf713483572aab8424d84424c4233
SSDEEP

12288:n028foZZGMLVcVFlSQIPUJO5aFYC/R6El+vGjqYJqOmYVz+G0CO8rTl7SZF:nmom4CFlSnPUJOkuWH+zyqO1BBa8rTFS

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

7c49620b753fdf540fd87378762ce4ef27023eb06c8b87438652022eb6e14fb1
.exe windows x86

2d057f606659e75512985a427c034248

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfRaiseIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 706KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ