b39deb8e277616b6b1cdad3f7eca57d65ce11634868505a1f03861b445a65ea7 | Triage

Sharing

General

Target

b39deb8e277616b6b1cdad3f7eca57d65ce11634868505a1f03861b445a65ea7
Size

67KB
MD5

05859a95210aee138902ef9bac8ce640
SHA1

9f40624d24afcbf51b207045f3c1b9c304d94651
SHA256

b39deb8e277616b6b1cdad3f7eca57d65ce11634868505a1f03861b445a65ea7
SHA512

174c197cdfca98d5ebc2b5be5daff074d30d06f5f30131c9f0310b3c4670df721e6b8d854cf7c00965d8f56aae22bf309930826041700399118e3141dcb931ac
SSDEEP

1536:X3F87Jm2bBsv1y7e/ZjywfN4dKYdaCxpsyxpJZWYNQbObu6dgVnh:X2QEBfS/VlCLRxp55QbIdg5h

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

b39deb8e277616b6b1cdad3f7eca57d65ce11634868505a1f03861b445a65ea7
.exe windows x86

ac525a01983d20605533bc430318094e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeTickCount
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

HalMakeBeep

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 284B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ