2a1e2d1a6badfd7b0c914ce0554786fea79e32deaa0ff77d8dc703e8eedd2a9f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a1e2d1a6badfd7b0c914ce0554786fea79e32deaa0ff77d8dc703e8eedd2a9f
Size

3.5MB
MD5

d30c815c9e13d428430f2a8b4018d3d5
SHA1

49bfdfa3b51befed67fe058d1a9e9cc7d1fea579
SHA256

2a1e2d1a6badfd7b0c914ce0554786fea79e32deaa0ff77d8dc703e8eedd2a9f
SHA512

d6d12e13524e676463c230a7d9b620523550cec37cff7e7ca560670fca86c68eb4e190e2c0c4301e436ae8dbd86038453b4d70140eff5a751e52a165c6d2a3c5
SSDEEP

98304:BExqImDF2tR+HngGnD35oiKx3Qnf1tNkTXaKaCmYkuBzM:wqY+HgGnD35o78NWKZuBzM

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

2a1e2d1a6badfd7b0c914ce0554786fea79e32deaa0ff77d8dc703e8eedd2a9f
.exe windows x64

f4f3033dc6d082dab79624f81575aceb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapCreate
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

shell32

SHGetFolderPathW

winhttp

WinHttpQueryHeaders

crypt32

CryptUnprotectData

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ