e5f4241329f22c8f525ad9b4a955701dd7a20b48df9b16bdde76290214ca661c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e5f4241329f22c8f525ad9b4a955701dd7a20b48df9b16bdde76290214ca661c
Size

133KB
MD5

69f29616de9ca6e189a31bbeaf703e89
SHA1

e700c0c1607b316162ad178a23045a298b07d193
SHA256

e5f4241329f22c8f525ad9b4a955701dd7a20b48df9b16bdde76290214ca661c
SHA512

9c3b245117f718b819cacb03e20ce12e3df5c80e90940816929d04406ffbed500c328ae5677baada8152ff9900735fb4a9ca2e84d4ce4227cdf415467482c8b5
SSDEEP

3072:sZIyv/5+nT81mXELBbqOH30NO1+QmhItcZgID+A6XM6B:sP/5+Q1mULS0Bm+tcpa35

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

e5f4241329f22c8f525ad9b4a955701dd7a20b48df9b16bdde76290214ca661c
.exe windows x86

8c678cc8d2b9098a86effae995ae2ff1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetModuleHandleA
GetProcAddress
VirtualProtect

msvcrt

__getmainargs

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ