25e5d9b2047f0378dcadcf4df651a1cd83adedc8c305ec514253ea17f6ea589c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25e5d9b2047f0378dcadcf4df651a1cd83adedc8c305ec514253ea17f6ea589c
Size

178KB
MD5

a0e6462ac70e222e5252d3eb37813180
SHA1

36428eead34df24da241108b4c73a9d71ea0e2ea
SHA256

25e5d9b2047f0378dcadcf4df651a1cd83adedc8c305ec514253ea17f6ea589c
SHA512

1b471e238e7892f007ef1e90bd3f46ca2c5760890b0796009dae8347feea763094d207533bac436ad5e9d7cca113ae1044464b914fe2fefc00282dfd2e90c86c
SSDEEP

3072:h8/hY+D/MHwy+C1y6K2CGOXWmRDUJP0nqJqJBQ3i47SQUDK+7em/DI+G5q4HiLHq:Ghj//y+Cs8CRlZcsq0JBQS47S1K+7JDG

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

25e5d9b2047f0378dcadcf4df651a1cd83adedc8c305ec514253ea17f6ea589c
.exe windows x86

f88d8d11d60b860d8a0d7ccd47d1d7aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PeekMessageA
MessageBoxA

kernel32

LoadLibraryA
GetModuleHandleA
GetProcAddress
VirtualProtect

msvcrt

??2@YAPAXI@Z

advapi32

RegCreateKeyExA

Sections

.text
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ