2af0d791c3736b28e7b459c8c75cc7663d3c51551c3ff389bb7f0e9ecebc98e1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2af0d791c3736b28e7b459c8c75cc7663d3c51551c3ff389bb7f0e9ecebc98e1
Size

160KB
MD5

3165685815620d0d8e1619ca5cdff9d6
SHA1

046bde200b4b6439f63ae5d7de8a6c0e0a4c514c
SHA256

2af0d791c3736b28e7b459c8c75cc7663d3c51551c3ff389bb7f0e9ecebc98e1
SHA512

63b261a81ec2a49fa5f68c0f485374bd33845a272c7a70d8a1c4efd73f98a291d2c4f82face51ccc44a25d3209bc6a3a91cdfd1a0f65c5108712c7ea38de1032
SSDEEP

3072:52qUzQVS5RaAAsetOxJsoM94g6jIOmTgMFkI+EuBH9COA8iOP//JNL/poHWA76/:iH5AhoM2Fj8fvu2OAJOPp5/pr8m

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

2af0d791c3736b28e7b459c8c75cc7663d3c51551c3ff389bb7f0e9ecebc98e1
.dll windows x86

d87f2fe61bb2ead03eb0b950208a8f14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFileMappingA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetCursorPos

advapi32

RegOpenKeyA

Sections

.text
Size: - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ