70e21fbde33523408a5872aa8cb6eeef3e0b810dd8243bb13285f1477b56974b | Triage

Sharing

General

Target

70e21fbde33523408a5872aa8cb6eeef3e0b810dd8243bb13285f1477b56974b
Size

1.7MB
MD5

07b0060556bbab391fa9d530af55aaea
SHA1

c1feec98679ef73e49c0595efbdbd1e1a67f980a
SHA256

70e21fbde33523408a5872aa8cb6eeef3e0b810dd8243bb13285f1477b56974b
SHA512

f2eacf830d88b2d643e5eb0096ba237b8c5a81b1db60940698250c06b67ed205f1cca4b70aade7fdec04b532b29a7775d2452db97b8cfc19be4bf61e19e40474
SSDEEP

49152:LoHxGeoPseo7ZBj6MVn/X5+O6SM3BeaVrv:LoHx/oEeoxVPMO6txv

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

70e21fbde33523408a5872aa8cb6eeef3e0b810dd8243bb13285f1477b56974b
.exe windows x86

b892cdc9d5ff85321c48f1ee36d8fa68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_AddRef

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 976KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE