01670c33fe72400a225bbf6fcb2ef08e38e07288dde7d19e13d50dfe0c430b69 | Triage

Sharing

General

Target

01670c33fe72400a225bbf6fcb2ef08e38e07288dde7d19e13d50dfe0c430b69
Size

160KB
MD5

0d2c0bcb10e44bd8e8e20d62ea6effd7
SHA1

467252da77a37130a07df01998926248a287eb14
SHA256

01670c33fe72400a225bbf6fcb2ef08e38e07288dde7d19e13d50dfe0c430b69
SHA512

37d779a6933306fb2f45a0d1e50a7d2844669cde42738cac31e3275081efa7452c7adf9bdb33fc633abf4ebf3d8cd73d467b841caf4871e1574aa59e7e49ef54
SSDEEP

3072:+2qUzQVS5RaAAsetOxJsoM94g6jIOmTgMFkI+EuBH9COA8iOP//JNL/poHWA76/:TH5AhoM2Fj8fvu2OAJOPp5/pr8m

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

01670c33fe72400a225bbf6fcb2ef08e38e07288dde7d19e13d50dfe0c430b69
.dll windows x86

d87f2fe61bb2ead03eb0b950208a8f14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFileMappingA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetCursorPos

advapi32

RegOpenKeyA

Sections

.text
Size: - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ