7a622330499a9a2f32f0d0b734a367a5bc7360a90bbd0c260c8471197167fbba | Triage

Sharing

General

Target

7a622330499a9a2f32f0d0b734a367a5bc7360a90bbd0c260c8471197167fbba
Size

876KB
MD5

0e267e95af4455edbc87114ea2361f39
SHA1

7fc63704794aed4fa84443c3d55a9d68117aa9f3
SHA256

7a622330499a9a2f32f0d0b734a367a5bc7360a90bbd0c260c8471197167fbba
SHA512

c77f4ae3b06e58095d701ee36cb4a8efd6373f5e2cc79cf60a7c4695cfac00b729e597c0462f721a8cd610da17bcc670580d5be093edcfe45ed2adebe1d827f7
SSDEEP

12288:W3XQGMBWZRg1JhIEa7vw+aot4dHrOF7teBkl4PI1UNx8u1GqLFNEBpFho3OM7G/z:WwK354dHrG7tei+PI2NxXFLQn4Tkl

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

7a622330499a9a2f32f0d0b734a367a5bc7360a90bbd0c260c8471197167fbba
.exe windows x86

f5692ea324271bd42a9302876994b194

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfReleaseSpinLock
HalMakeBeep

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 875KB - Virtual size: 874KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ