e6bff5d5b36f59e46635ea6e03b3b66aace8561f2d1c4d1e5394f546168ab068 | Triage

Sharing

General

Target

e6bff5d5b36f59e46635ea6e03b3b66aace8561f2d1c4d1e5394f546168ab068
Size

560KB
MD5

177eea47c7137b02215be8da20eabb7c
SHA1

f32e6b5596a8ba83df4c31a5a92700496a898fa6
SHA256

e6bff5d5b36f59e46635ea6e03b3b66aace8561f2d1c4d1e5394f546168ab068
SHA512

4ea0959a98e72fd35a60e849c8f476d9d25c189c8b06ae5c657d36b6c8a1e9ef2f76e808dddb45b95de95e3f80ba6f13d88bcfa15c9fa3881e3f58af952de471
SSDEEP

12288:wTHw8041PY59Z7Nas0D3UlZzhLsVx2JqDJectaRA2Z5JcZa9:Tl59ZCbGFhEx2qJect8Z5O

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

e6bff5d5b36f59e46635ea6e03b3b66aace8561f2d1c4d1e5394f546168ab068
.exe windows x86

0b853b0ac7265e96072bd3858c361549

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord537

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 528KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE