82f9702896d6e18dbe6e7d85bfc5f8a1d15b22a1638263ba8915f0a76426de5e | Triage

Sharing

General

Target

82f9702896d6e18dbe6e7d85bfc5f8a1d15b22a1638263ba8915f0a76426de5e
Size

568KB
MD5

b71663ea25449309654413f80cb514b1
SHA1

c3c091448648ad491da5ba38e039e884bd1c22b9
SHA256

82f9702896d6e18dbe6e7d85bfc5f8a1d15b22a1638263ba8915f0a76426de5e
SHA512

fd1446b382bfd0ec18b3bd503baf7209dc5a6d16891f420c8a089e36533be6250bbc2acff5a25034aafd5a3ec1d802ffd1c1960750a4e4409a8202730436c762
SSDEEP

12288:TEZNocRXWCBDVo52MDHKFmcUKNM+v0LmKdv24JyvE5cZEhXm:TEZNhzF6520K0c8+MidvycZEh2

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

82f9702896d6e18dbe6e7d85bfc5f8a1d15b22a1638263ba8915f0a76426de5e
.exe windows x86

d15e1dc98da5fac2034b61774ceb1b82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Thread32Next
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetMessageA

shell32

ShellExecuteA

shlwapi

PathFindFileNameA

imagehlp

ImageDirectoryEntryToData

msvcrt

??3@YAXPAX@Z

Sections

.text
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE