61c243304f45e77da4c78ff80b76b6eb17c1e92cea9fd43ef3a826ceb30c0ad9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61c243304f45e77da4c78ff80b76b6eb17c1e92cea9fd43ef3a826ceb30c0ad9
Size

506KB
MD5

af24f185953d245a6aea56e59f2b5305
SHA1

34275c171f77ec4029612b189fa9737b3549163f
SHA256

61c243304f45e77da4c78ff80b76b6eb17c1e92cea9fd43ef3a826ceb30c0ad9
SHA512

b2661762961a6f9abad060573d8f4f93ea880fc6db3903ad611d4a968f0baadac2df35f71a8c810458428860462934fc7dc80b19efc17a71947d509658db9b4c
SSDEEP

12288:XNSGRUlCDPjxdA8p0Yfc3KV3EvzLTvQPeujACPYzN:9UloNdA4N03KKcZACPYzN

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

61c243304f45e77da4c78ff80b76b6eb17c1e92cea9fd43ef3a826ceb30c0ad9
.dll windows x86

76a05496a3b94a4e4a169f16b9862ddc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

OffsetRect

winmm

timeGetTime

d3d9

Direct3DCreate9

Exports

Exports

GetSysInfo
InitD3D10H
InitD3D9H
ReleaseD3D9H

Sections

.text
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ