2d9a79be2dc9755b9cf3a4e144df81ced829d5edde416fc30298266be898d768 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d9a79be2dc9755b9cf3a4e144df81ced829d5edde416fc30298266be898d768
Size

252KB
MD5

15582968970ca86ce72f201c53f9e1a0
SHA1

e113d69916257383e70ed95addbf07ce44a1a632
SHA256

2d9a79be2dc9755b9cf3a4e144df81ced829d5edde416fc30298266be898d768
SHA512

94cc2a5c40a1b5794d95ddc031a06362b2823703320fc4602ec7027ea3f26d6e66ae9efe4e7f45b4498d6782e943e53a7329a758299f4c57e112c1acca822102
SSDEEP

6144:a+V2pe0FCuxeNhNXm9SvtymOO5H5tFWuE5+:aWmFuNDXT2OjtFWF+

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

2d9a79be2dc9755b9cf3a4e144df81ced829d5edde416fc30298266be898d768
.dll windows x86

d4de9c2c8df43a912e5db1fce6f68278

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersionExA
GetVersion
GetCurrentProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharToOemA

advapi32

RegOpenKeyExA

oleaut32

SysAllocStringLen

Sections

CODE
Size: - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ