2dea6e1deab6a5e7de2cf55901d69b862413c8795e858bb6185778e5e96869a1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2dea6e1deab6a5e7de2cf55901d69b862413c8795e858bb6185778e5e96869a1
Size

1.0MB
MD5

c0fcedb8a8b50e089bdb80c1e98cb041
SHA1

8fa47d0c0996962b7f3976a63db56ace9c431e86
SHA256

2dea6e1deab6a5e7de2cf55901d69b862413c8795e858bb6185778e5e96869a1
SHA512

33254c3c76c5771e28d84071b262243ead07692da6afff622e5245e537409997338fea3bca9708d703faf6bd2b9da7a08739f0c14922265da70b24490a0aa612
SSDEEP

24576:kINT9Swg/9OnhKXzQ5+RlgIqawhiuIBV1As8PSSWv:t4P4nb8RrqdhivNA3

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

2dea6e1deab6a5e7de2cf55901d69b862413c8795e858bb6185778e5e96869a1
.exe windows x86

2431392754c21b26c4570c8c1bdfe4ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

closesocket

kernel32

GetVersionExA
FindResourceExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegCreateKeyExA

shlwapi

StrStrIA

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 763KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ