5cd3d90be838899acdba93aead84aca5dca9e6734cd37cbeb389a9fb9bca1a27 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5cd3d90be838899acdba93aead84aca5dca9e6734cd37cbeb389a9fb9bca1a27
Size

156KB
MD5

9c4efc3bc3d690df38819b349bb89dd0
SHA1

0af6a82a04d0141296a1483173d9eae884c3a9b2
SHA256

5cd3d90be838899acdba93aead84aca5dca9e6734cd37cbeb389a9fb9bca1a27
SHA512

7e21666361db779c3e755ab2f8403783c47c97639ed85448883d318e09311e9d4da10f0c9bd930863b867a4cb73581fda952a1b941979ad170aa5db343843fc2
SSDEEP

3072:Onx9Z+bvjo5TIaGHw4kwJzpeDLzsDDGdUa02xK4epROH1D0iY9B:+b+XBwCJz0DEWUE113

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

5cd3d90be838899acdba93aead84aca5dca9e6734cd37cbeb389a9fb9bca1a27
.dll windows x86

772091a4d800402d7c670dbe37cea3c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowRect

advapi32

RegQueryValueExA

Sections

.text
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ