915566abf60b4809c949cb02ffc84c14f71a0ec9459a88085f5c0fd80f7ccd9c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

915566abf60b4809c949cb02ffc84c14f71a0ec9459a88085f5c0fd80f7ccd9c
Size

740KB
MD5

a1396cabc7232c06a913bd2a2a226f3f
SHA1

62ac4d0b5d0a1d61247a7af35061bccf4fc1708c
SHA256

915566abf60b4809c949cb02ffc84c14f71a0ec9459a88085f5c0fd80f7ccd9c
SHA512

ee86686839622ddccb66a4c76394d7d9ad505610cdb777e43feb523590e64abc390a008394b80d9c4f5ecbd1384bf64b5a82e6949201523eb02ca85335b17972
SSDEEP

12288:xgG+DpPSWSh/7ey0HZ65pDNCl1Fychomzc3Zt2+2jAglg//UASMofvUx6CEw3wEn:xgwCtHZupDNxEDz6T2jA/c7fhuwEd4Ex

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

915566abf60b4809c949cb02ffc84c14f71a0ec9459a88085f5c0fd80f7ccd9c
.exe windows x86

3c7dee844d8979bc14b47d584751aaf1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePool
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfRaiseIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 739KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ