14b622a31b2e21eae8d319e34916488b96553570b0ebc5a2117a5c7ad3055e87 | Triage

Sharing

General

Target

14b622a31b2e21eae8d319e34916488b96553570b0ebc5a2117a5c7ad3055e87
Size

125KB
MD5

d8f95e046a19fb87ea9787b0859a0f93
SHA1

50dbbfebff45bb4f46b34623a8a755c7a307e8b3
SHA256

14b622a31b2e21eae8d319e34916488b96553570b0ebc5a2117a5c7ad3055e87
SHA512

eb8612e5a97c6648151577affe5fb9f8791e00de44cbb81ec55369bfc133ce1b9815bcadc3b5109b624c62a3f55f51f5decda6893995d6a3ba1ffdc6ae4f636e
SSDEEP

3072:bM1DQacLT040wvEq6y2PEONynGPxwcPDIwPhD:5aWQ40wvX2KG5wODIwJ

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

14b622a31b2e21eae8d319e34916488b96553570b0ebc5a2117a5c7ad3055e87
.exe windows x86

7c95fbb11767e0e85ccf58302041ab41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
MessageBoxA

advapi32

LookupPrivilegeValueA

shell32

ShellExecuteA

msvcp100

?_Xout_of_range@std@@YAXPBD@Z

shlwapi

StrStrIA

msvcr100

printf

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 998B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ