201c8fd5e3ab210787330d3ca90590d4776b295035331d05eba9c3f70e9d276f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

201c8fd5e3ab210787330d3ca90590d4776b295035331d05eba9c3f70e9d276f
Size

148KB
MD5

a7fb3a768a1b17163157084a5f48ce30
SHA1

7abfe99437baf1178b2b54e186671fa971ac91f0
SHA256

201c8fd5e3ab210787330d3ca90590d4776b295035331d05eba9c3f70e9d276f
SHA512

1d0eadca0c1500d99cb6689faef12dc47979cd5aa6f2ef1b0521a85eaecedfdfe83c6ad5becd869a04b1be1a47b6488e8e248c774c0fb943a2cb1e907888bcf4
SSDEEP

3072:tEDAwqfR6W3oY0kUlAlp1ODjmzw12TdHc6P8+5wmNG+7tPqw:tE1w3OlOI3lG860+HSw

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

201c8fd5e3ab210787330d3ca90590d4776b295035331d05eba9c3f70e9d276f
.dll windows x86

50613874316b74dc7f321236cb755963

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

FindWindowA

advapi32

RegCloseKey

Sections

.text
Size: - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ