671e490eec3678eeaa636bdf2a2886683699478a487885d17b6ad1283bf4694e | Triage

Sharing

General

Target

671e490eec3678eeaa636bdf2a2886683699478a487885d17b6ad1283bf4694e
Size

211KB
MD5

5b722d1769abbd15ba44759892e3ccf7
SHA1

06cc2772f6162c55dbf3d9aa3241c8d4cc3bd2de
SHA256

671e490eec3678eeaa636bdf2a2886683699478a487885d17b6ad1283bf4694e
SHA512

d7295fa91241e8c2937e7c5d72ef0d2d4aea4995ca778122efd9adfde427d4fe75915246dd96e989a2f074d2b4991d07a974f1b33d320970e3b0be7fa0fd1ade
SSDEEP

6144:xT/4QWMdimVUkObf/P4cHslCLSG9oY7PqX:qQWM8mVUkyLHACLSAZ7SX

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
static1/unpack001/MYfsLS/myfs.exe	vmprotect

Files

671e490eec3678eeaa636bdf2a2886683699478a487885d17b6ad1283bf4694e
.rar
MYfsLS/myfs.exe
.exe windows x86

b5a6a25ad48910612c3a815d19d761e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos

kernel32

LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MYfsLS/河源下载站-cngr.cn.url
.url