56b3a10a590d96bbc87dc6af196297762b5cea526c2dbbd096177eb886664470 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56b3a10a590d96bbc87dc6af196297762b5cea526c2dbbd096177eb886664470
Size

1.2MB
MD5

9f578a3b11ec5a2db2edaf7d6fdfa388
SHA1

1c698a4e86c9af6c55041ee7e1a6946f0ad22743
SHA256

56b3a10a590d96bbc87dc6af196297762b5cea526c2dbbd096177eb886664470
SHA512

2eda1c62e22b775e65b86c639e91b6c7663b64db372a7bd1dedb5ea4e59a2c2ab09b5bc48e6ef99fc9a751302eefb81ee021ae96ae337324804f05ecfd76a019
SSDEEP

24576:AN/2cxaJgI85i2uJkdndjoIJIP5O2OxU3+vrUje8KlQKxm:AMcUJXGLUaIAP63jKC

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

56b3a10a590d96bbc87dc6af196297762b5cea526c2dbbd096177eb886664470
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 788KB - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ