8b48c17fa34c7f59cfa146db36011cbb0f9c0701bbee7046db3adb305137e7e6 | Triage

Sharing

General

Target

8b48c17fa34c7f59cfa146db36011cbb0f9c0701bbee7046db3adb305137e7e6
Size

235KB
MD5

e11e3c35efdc3d02db97fa90495edf2f
SHA1

d586f65d1b07a685a566d61a4990c838ea24b61b
SHA256

8b48c17fa34c7f59cfa146db36011cbb0f9c0701bbee7046db3adb305137e7e6
SHA512

34b4402f324ca8b1bfa30c389565a126b6a979acd71253e7d625071b7188d078623672fc1a725c57a70cb4ba149c5a3eea0937db40fa4ad8fd79a247624dcd11
SSDEEP

6144:qJyRVDvhJwkKb9zbkWk5fIW9SCzxIFa9nEhUH8aCfbBSUZiX:q8jhJvAJxkpIW9SCzzCSHwNiX

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

8b48c17fa34c7f59cfa146db36011cbb0f9c0701bbee7046db3adb305137e7e6
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.nsp0
Size: - Virtual size: 856KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 227KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ