50416ecf85e28983fd747e16a084e75983915fb87cdcb429f20d707faf9ca29a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

50416ecf85e28983fd747e16a084e75983915fb87cdcb429f20d707faf9ca29a
Size

144KB
MD5

ce2ae77097b624018a67f36e51ebe1d0
SHA1

aba3e45ccd0a4cdbf509ade05652ac51fbcb710c
SHA256

50416ecf85e28983fd747e16a084e75983915fb87cdcb429f20d707faf9ca29a
SHA512

81bf0467494a4fbe0c82a7a2f66a455043a68ba1b7c3fd45e051a4096468ca343a6ee26affa937d8fdb79075ec49f8c67bc9b62343a124738723048ed8c7dfc8
SSDEEP

3072:xVtrvarbi+iJSybC0IHkXATzSYqheeYIoFf+Wm7:btuPSJSybUEXATeDYPf

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

50416ecf85e28983fd747e16a084e75983915fb87cdcb429f20d707faf9ca29a
.dll windows x86

325714ad54d4046d32f3c8a6aadf9c0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDC

gdi32

TextOutA

advapi32

RegCloseKey

Sections

.text
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ