d558d0d0d5b4e85617c632bc428774c8c6c0bcbefe97fc11054330e0ce4c9f29 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d558d0d0d5b4e85617c632bc428774c8c6c0bcbefe97fc11054330e0ce4c9f29
Size

732KB
MD5

04fae4dca43438c53d172d7cfdee00f1
SHA1

75f9f72a0ae4148d9d28504a2d234601c6bc19b8
SHA256

d558d0d0d5b4e85617c632bc428774c8c6c0bcbefe97fc11054330e0ce4c9f29
SHA512

6d80ae26e07ad53f9d56edff1a56d8e937c780d33f7b1dc6fd03f48fffcc2c61d80ad03112b2fbe28551d7db42293f12d7b592deee552fd8d224db61b2ad70a3
SSDEEP

12288:v14u+WEG/tJLQzKLkIKIOvgA82rg+9Y39Yfgl1iXst9rnu5T80NLQi/rY+m5pFi:WuJtZpevgUYmfq10W9yF8eQi/U+cFi

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

d558d0d0d5b4e85617c632bc428774c8c6c0bcbefe97fc11054330e0ce4c9f29
.exe windows x86

1248046c7d356b25cdcc9515083c6e60

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_strupr

kernel32

WaitForSingleObject
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfW

ws2_32

WSACleanup

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

ole32

CoUninitialize

oleaut32

SysFreeString

msvfw32

ICSendMessage

winmm

waveInClose

Sections

.text
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 700KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ