d00151f9462b7381251d19527c54651b26ed96cd3a038edc298293c5999d2e44

General

Target

d00151f9462b7381251d19527c54651b26ed96cd3a038edc298293c5999d2e44
Size

127KB
MD5

81da5802aac574733acf97cb42f88460
SHA1

069af6bf87b584d85a9a3435a3320d5a5113d69a
SHA256

d00151f9462b7381251d19527c54651b26ed96cd3a038edc298293c5999d2e44
SHA512

db5d1b274074a24967a554044b153da3d12928018ff234998fd27a7203943c749c76094fc330543643e3ce4188014ad79f6841d0840f29849885073a17cd2b3e
SSDEEP

1536:KdP1PKynENXFcj1DE4zK6r44f/YwbImqO8v5M7z42hno1AChzozmH6U445fL13cI:KdoNqBpzlfYwfqxmw22CzAxZFcpran

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

d00151f9462b7381251d19527c54651b26ed96cd3a038edc298293c5999d2e44
.exe windows x86

0b0fe7cc13df1e37375e1605c1f996e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeBugCheckEx
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeRaiseIrqlToDpcLevel

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: - Virtual size: 238B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1022B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b0fe7cc13df1e37375e1605c1f996e3

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 6KB

.rdata Size: - Virtual size: 548B

.data Size: - Virtual size: 264B

PAGE Size: - Virtual size: 238B

INIT Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 1022B

.vmp1 Size: - Virtual size: 87KB

.vmp2 Size: 126KB - Virtual size: 125KB

.reloc Size: 512B - Virtual size: 156B

.text
Size: - Virtual size: 6KB

.rdata
Size: - Virtual size: 548B

.data
Size: - Virtual size: 264B

PAGE
Size: - Virtual size: 238B

INIT
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 1022B

.vmp1
Size: - Virtual size: 87KB

.vmp2
Size: 126KB - Virtual size: 125KB

.reloc
Size: 512B - Virtual size: 156B