32b49ab59e0838cd633c828a9b340bb639ca65d8bb242882e1c6736a4dc9462e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32b49ab59e0838cd633c828a9b340bb639ca65d8bb242882e1c6736a4dc9462e
Size

196KB
MD5

829274abf515aed0737150c3a6c0e3c0
SHA1

7c35f205e1be9053b84b1db8e7bbaa1e477e3ec6
SHA256

32b49ab59e0838cd633c828a9b340bb639ca65d8bb242882e1c6736a4dc9462e
SHA512

c6b508063fbb9eef49d6efe767ad3229e17c9eb2d965dbb1d1429fd5b46fabea13ef5486488898b74d081f131c8c07189b9a6e73236fa1c90f87f7e6ec9b1b86
SSDEEP

3072:QaGjKZRSaNESVKYhQT/Yy1qGYXsLYYtwtomygsu++T7LtH03jF1EH:bTSavVKYeDY+qGkssFtXp++T7Lg1EH

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

32b49ab59e0838cd633c828a9b340bb639ca65d8bb242882e1c6736a4dc9462e
.dll windows x86

0b2db0d22d0700cf8c46dd914f267487

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBeep

advapi32

RegOpenKeyA

Sections

.text
Size: - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ