50d604e96b1eb8cd7f091aaf410c236f6d16dfbaa7aeb49b5743ba7e8e375611 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

50d604e96b1eb8cd7f091aaf410c236f6d16dfbaa7aeb49b5743ba7e8e375611
Size

892KB
MD5

9262764da520efaf305f68e4f61585a0
SHA1

dfedeb779305a7aa457d7fb67dd663d6446dddfe
SHA256

50d604e96b1eb8cd7f091aaf410c236f6d16dfbaa7aeb49b5743ba7e8e375611
SHA512

8aa75d1fbe8d1182118f3fff3fc0ba14f69e8396021ecb8822210bd4ea8d9eda3169f51cb057f53391d71af355326795218f481d7ec2f277c602472c8f9d08da
SSDEEP

12288:CAjj74cO75tai1PwEbAdJ+6mWR+3rUupktIe3frmRUSftYLoWnU2rCLdfp5HED8d:jjk79Z6GEZ3fiZY8YruRp5kQFj5zD1

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

50d604e96b1eb8cd7f091aaf410c236f6d16dfbaa7aeb49b5743ba7e8e375611
.exe windows x86

15fb345be444e4c5acb95e8311db0234

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ole32

OleInitialize

oleaut32

SafeArrayCreate

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 858KB - Virtual size: 857KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ