2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f | Triage

Sharing

General

Target

2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f
Size

318KB
MD5

537402ee556a3cd05552ec9a64a2ef07
SHA1

12768e31c3268fc76c701bf128be96c946fef45a
SHA256

2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f
SHA512

a4bd2246726e4f425d1cd7e01e8e6a75bb41776b08c41c0c40314f36acd2d320dcbea4bd57cc4cf30d8931ddc9c996e76e884962ea0375b314fc491e56fa3a5d
SSDEEP

6144:i6BDSXv3WyRljOpYwo+XqidUtmko1vMAvcvyEmut6R4gocnwgv/p+ZJN:i6BKWyRljgYUXqKomko1EzvM7nwGp+Zn

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f
.dll windows x86

512b7ddcd4b1665277ca72fa1f9e0ccb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
HeapSize
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DispatchMessageA

gdi32

ScaleWindowExtEx

winspool.drv

ClosePrinter

advapi32

RegQueryValueExA

shlwapi

PathFindFileNameA

oleaut32

VariantInit

Sections

.text
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ