be2987092828b69d84dc01814f472c96c9294323a0eb4ecbf3e67e27629d75c1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be2987092828b69d84dc01814f472c96c9294323a0eb4ecbf3e67e27629d75c1
Size

384KB
MD5

616bc03b096eb1db8ff9776aa7e39b55
SHA1

87119c2a496cc2d521503f7afdc2ef200578460f
SHA256

be2987092828b69d84dc01814f472c96c9294323a0eb4ecbf3e67e27629d75c1
SHA512

4b7d0061b526cb06cf95da440bc088e99ec4a76c12dff1e8c20fda6776fd610637d5bcb570cd4a99d9fa4ddb13b7bf61a91f1c2b8e307ef4591c4ae8d693e364
SSDEEP

6144:YnYzRay7efPZKA8a/wUhzVa2s1p9Y0ElolsSB7HehyZtIuSlKQj3mu:KYd1ixKY/hzVa2Me7oie1Ausxj3mu

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

be2987092828b69d84dc01814f472c96c9294323a0eb4ecbf3e67e27629d75c1
.exe windows x86

11cbdfb47fdc9152560598c88ea044f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

LoadCursorA
MessageBoxA

advapi32

RegEnumKeyExA

ole32

CoTaskMemRealloc

oleaut32

SysStringLen

gdi32

GetStockObject

ntdll

RtlFreeHeap

Sections

.text
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ