744384ca47836d2c789ff3746effbca65046f1c6d79407e778cb16d2fce219a3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

744384ca47836d2c789ff3746effbca65046f1c6d79407e778cb16d2fce219a3
Size

1004KB
MD5

90845718a390815e8b723cb3829de2f0
SHA1

3b3ad33da2014aa96238047f3ca5c80d2b2c8784
SHA256

744384ca47836d2c789ff3746effbca65046f1c6d79407e778cb16d2fce219a3
SHA512

e0a8d1e2640acfb49ae94fe373e4231beebd23f1b82d4673c53a80be0e983747a1b60cf87eecc429c9cd603f8fc1e360de109d235e4d0903d579460701e0de1b
SSDEEP

24576:e+2gHNmpwWrY201QsyGbl98QFB4yi9yTJIXB:edggwq9PiBFB0yTJI

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

744384ca47836d2c789ff3746effbca65046f1c6d79407e778cb16d2fce219a3
.exe windows x86

2cc5f0cf1f6f8cd8d68cd90aa6ca4b6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_adj_fdiv_r

kernel32

FreeLibrary
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 987KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 992KB - Virtual size: 991KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ