01936db2d05b34fa2d4e0bbb3623bae94dab294ba53f8611f699c972b566b653 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01936db2d05b34fa2d4e0bbb3623bae94dab294ba53f8611f699c972b566b653
Size

327KB
MD5

03b97729adaede0b1407c1a7cf5ecd9e
SHA1

1c1335f096217bcd722f6cc55e16c0e83db018e3
SHA256

01936db2d05b34fa2d4e0bbb3623bae94dab294ba53f8611f699c972b566b653
SHA512

fb165a8cb72b3bd8c29d89c51f44854ae1bf50c7acd26e4f0956e2edd1e4fac12a3837fee822e50c532ac1722168b0c3cac5f56bc83d821c09a51b796b1a4160
SSDEEP

6144:deOPgK19B3SfpogX/0n5WrShmVHVLVRi5kzXycsbws9/whp8b5blW/GeXt:dej28rShm5Vmb1iaQ/x

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

01936db2d05b34fa2d4e0bbb3623bae94dab294ba53f8611f699c972b566b653
.dll windows x86

834656d02a1cdb39789fa5b1887f9309

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

select

kernel32

WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

SetHook
SetName

Sections

.text
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mydata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ