822bafa548278d2559660cfec702f0123d02ef0a1d4c23351acaebe28a7a9d3f | Triage

Sharing

General

Target

822bafa548278d2559660cfec702f0123d02ef0a1d4c23351acaebe28a7a9d3f
Size

327KB
MD5

91f1cdf9df39b6c0486277e4ef1818c7
SHA1

cba42ce5ddb87b5a521b6dc569a4296789f5fef2
SHA256

822bafa548278d2559660cfec702f0123d02ef0a1d4c23351acaebe28a7a9d3f
SHA512

65403e6d668b098bba136a7bfa146eab536c68587d55c202c6599539ccfabc9bedec7e60e7ee1284968cbee718781c6dff936f9b76f4cb39db2c2ca5901d27c0
SSDEEP

6144:9KleXWMzLp6p750N0exZUkf0Jx+GQB+TDsAVVEgjDf6STtlvAx0U/pkCm:z0y0ext++ITDBVEeDf6ktloxV/pI

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

822bafa548278d2559660cfec702f0123d02ef0a1d4c23351acaebe28a7a9d3f
.dll windows x86

56beff5cc897774a5827430115437056

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError

kernel32

VirtualFree
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

SetHook
SetName

Sections

.text
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mydata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ