d179145892623b28f7cdcf1ad9659cd93a9ed8f6991a86830d044f8ddd17deb3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d179145892623b28f7cdcf1ad9659cd93a9ed8f6991a86830d044f8ddd17deb3
Size

456KB
MD5

bda6f0e3690e9ab70c0c2fdee90db7e7
SHA1

0f04596b8dd0046a90b98344bf40f9740b67a3ea
SHA256

d179145892623b28f7cdcf1ad9659cd93a9ed8f6991a86830d044f8ddd17deb3
SHA512

900b67ae7fce8c3cd3ad90d619151941062af45e6ec638ee1cb1da487d6065449a05730ae99566f33c6a661d995193c976d21713a0c6ded71adede6a97ee8da6
SSDEEP

3072:EJm9NsQXrVxOO8u0B9aGejdnq+ILG+aSUDY8YOnz/wjUuNBxhW0JJm9NsQXrX:EJmst3b+kG+aGqnju1UCJms

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

d179145892623b28f7cdcf1ad9659cd93a9ed8f6991a86830d044f8ddd17deb3
.exe windows x86

d6fb6b59508cc8ad71eb3e6d73205e5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord518
ord661
ord662
ord593
ord594
ord595
ord598
ord520
ord525
ord632
EVENT_SINK_AddRef
ord529
ord561
DllFunctionCall
ord563
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord607
ord608
ord531
ord716
ProcCallEngine
ord644
ord645
ord571
ord578
ord100
ord613
ord617
ord619
ord543
ord544
ord546
ord547
ord581

kernel32

GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ