9ef5d445226e34dedc82b6b0d708bfd40d1c191072f4dc1840f537d56b962165 | Triage

Sharing

General

Target

9ef5d445226e34dedc82b6b0d708bfd40d1c191072f4dc1840f537d56b962165
Size

1.3MB
MD5

4d528c349a52e5e6c2895232b7aa6e2d
SHA1

e948bb66219631d078d556c25442364129312044
SHA256

9ef5d445226e34dedc82b6b0d708bfd40d1c191072f4dc1840f537d56b962165
SHA512

e95f44f81701275b8c2a60b6980522c5ccd8d1c5f7724019f33780735cdaafae8dc6a87d5e8a03b2bbeab0b2ea7e0ba38271b07550d7162b2c0a9fe1b128e5c7
SSDEEP

24576:YUU3jIP9B0ua2tdRUV5G0329TqgszJLZ5TGpszIokcF0K+QjX:cQ0x2tdmXgqgszJLbTMqhtF0PQ

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

9ef5d445226e34dedc82b6b0d708bfd40d1c191072f4dc1840f537d56b962165
.exe windows x86

a677c659fe874ae674411d2bdb5e6379

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ole32

OleInitialize

oleaut32

SafeArrayAccessData

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ