6811f8197b9150bb2937b26f8da3f945af557cc418483772246357c1d42fb661 | Triage

Sharing

General

Target

6811f8197b9150bb2937b26f8da3f945af557cc418483772246357c1d42fb661
Size

422KB
MD5

32057a06d73bef047195554b89e9523a
SHA1

aa13a00d7673feebc8d99678bccc583ee180898f
SHA256

6811f8197b9150bb2937b26f8da3f945af557cc418483772246357c1d42fb661
SHA512

f33d170fb3b756bb707495af09ba730d58045210f80f6762465d4b241c4a57d318936b88b8cb28c534833fa8d155a0d423a439a027693e4abd86e23c0d3a5d65
SSDEEP

12288:p+158vGXt3iL3ETIFdLczarkOWGXa7Yia:M8vR3XJWuji

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

6811f8197b9150bb2937b26f8da3f945af557cc418483772246357c1d42fb661
.dll windows x86

544eb09f8662bb9a273aa6df3e174761

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

KillTimer

ws2_32

send

kernel32

GetModuleHandleW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

?close@@YGKK@Z
close
getkey
setkey

Sections

.text
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 710B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ