0239524cff2449247834bb5485159211ac7204a7d142654fbbdf6d2002c872f9 | Triage

Sharing

General

Target

0239524cff2449247834bb5485159211ac7204a7d142654fbbdf6d2002c872f9
Size

144KB
MD5

c7d775b03af2e7ec71f23fa3f736db90
SHA1

cba7fea8d187ceb42d556f060253b68bcfd1a43c
SHA256

0239524cff2449247834bb5485159211ac7204a7d142654fbbdf6d2002c872f9
SHA512

10760ab4549a469431f6b5d2e070fdc765228a646ca350f42cc1b263a16612c14977ccf24476e0b4c82952d783bbe7cf9acedef3f534760610cd0f735cbff5a8
SSDEEP

3072:zUDSrg2py+8gbTlu0XBoVbxgGvIWyi7wzhMr2hsqHvz9g+:QDOlpyF8DoVPv4UGhMahsEvz9g

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

0239524cff2449247834bb5485159211ac7204a7d142654fbbdf6d2002c872f9
.dll windows x86

cb75e58bd9835ac9e11c07835d0fa0ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ReleaseDC

gdi32

Rectangle

advapi32

RegQueryValueExA

Sections

.text
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ