753a7f6751f2cd7cb099c1edd5e6a82de921cb0505ae42dbf999b1ae8c55e36d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

753a7f6751f2cd7cb099c1edd5e6a82de921cb0505ae42dbf999b1ae8c55e36d
Size

73KB
MD5

d4314f927069d7014d7f25c33b36e157
SHA1

96c02e465600c771ad1e499516ba5c93e26cd2f1
SHA256

753a7f6751f2cd7cb099c1edd5e6a82de921cb0505ae42dbf999b1ae8c55e36d
SHA512

d7caff1fcf448c1f957781f20cf94c18afc46591a252b934a78b14f51a1420834d2ea73a87c3130f8fded04be4e8d1e248828cf18d979e6f8e84fc7280897d0e
SSDEEP

1536:FN0s+YyxFXcQVen/ApnToIfs+Rcr5ZSN7n/Mp0zA+V/R8:j0s+YGen/ABTBfs+Rcr5ZSN7n/+0Z

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

753a7f6751f2cd7cb099c1edd5e6a82de921cb0505ae42dbf999b1ae8c55e36d
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Install
RundllInstall
RundllUninstall
ServiceMain

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ