91b5200e5ec769c631904de562771f04caa8d86148643c784aa35351ba829d25 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

91b5200e5ec769c631904de562771f04caa8d86148643c784aa35351ba829d25
Size

1008KB
MD5

929363b556fa96a77ce7ecd29aa15ab0
SHA1

ed591dd4c4cf561731af2b7ed2ff1b84714c1ad2
SHA256

91b5200e5ec769c631904de562771f04caa8d86148643c784aa35351ba829d25
SHA512

3930b2177079a7fa7e1198ddf5a844ab04ab256d7ed6e46209e3af8344086883903e9e6907eb892d936f00a0d848ef1ef8058e3041a35ee31ff7d6d0f01229c2
SSDEEP

24576:Iqx6P4JJjb6HHRso45I18TYXxCA3x5922Y9/Wz9QiO6:1x6PAjb6KoAI1nZ1FY9/Wz9Ql

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

91b5200e5ec769c631904de562771f04caa8d86148643c784aa35351ba829d25
.exe windows x86

fde482c13d52c8728fc43ebb61a7c365

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord711

kernel32

GetConsoleMode
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 983KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 996KB - Virtual size: 993KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ