4a799d3d66ed84c3e3891e534d64b39c3aaf61e583fed0df7f01934dd4b1ed4b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a799d3d66ed84c3e3891e534d64b39c3aaf61e583fed0df7f01934dd4b1ed4b
Size

800KB
MD5

052b92f5fd0e4a2e347a9125e0ab3c60
SHA1

d00b208754343c11b035dc1c0e2c1688a5b1893b
SHA256

4a799d3d66ed84c3e3891e534d64b39c3aaf61e583fed0df7f01934dd4b1ed4b
SHA512

1f66cc3f96be75ce1b2395ea5eb2528c40026dfae5f42a9c84c1665ff83f080a3d1bf314e1acdd70ede54334c864440c416eff213c49d4706a3ea4441b5d8a59
SSDEEP

12288:g83TuYSMxfqBJ2+q/EVCF2aJm4gSQkgdTFEXfn529fwqbf1BuXj8lMQHjnZXuf/z:nDuIARr4ghk4cxYfwqbmXIlFHlXw

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

4a799d3d66ed84c3e3891e534d64b39c3aaf61e583fed0df7f01934dd4b1ed4b
.dll windows x86

76c3fdcf6f2220719706aaa7d2109158

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersionExA
GetVersion
GetExitCodeProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadStringA

advapi32

LookupPrivilegeValueA

oleaut32

SafeArrayPtrOfIndex

Sections

CODE
Size: - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 797KB - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ