48424011620af37388b1741b3966b3c8f06bd98e6fec0e917878a83ce381d7b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

48424011620af37388b1741b3966b3c8f06bd98e6fec0e917878a83ce381d7b9
Size

60KB
MD5

f15bedc0a9e3b1b4ad86ee877f0604c3
SHA1

f16f25c014efb7de359fc79fb052a8c2fae6c945
SHA256

48424011620af37388b1741b3966b3c8f06bd98e6fec0e917878a83ce381d7b9
SHA512

3c6557c45f8a5077225d0293c9e345cb4c8c83701afecb6db4a896c99265dd0c511c878cda0ca191b0a11616f22ad24f0a9340c13edc1e035bf4d5525c4fbf15
SSDEEP

1536:t0vv7259efL6NsDlJ+01c5SQDbU2kenigfm3wT:t0vvJOara06btnig+w

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

48424011620af37388b1741b3966b3c8f06bd98e6fec0e917878a83ce381d7b9
.exe windows x86

5ffae0b78389142c643d33f2d2e20ea8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

wsprintfA
MessageBoxA

advapi32

RegSetValueExA

ws2_32

send

Sections

.text
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ