4f8843fa6b3ffbbf5ff010895defef65e7efe527d5739c0cf12ce80681d45e73 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f8843fa6b3ffbbf5ff010895defef65e7efe527d5739c0cf12ce80681d45e73
Size

8.4MB
MD5

166a3e4ed275e8c67f49211314777401
SHA1

c8bebf8c4a2394eff50a76c9f51ebb2065bc6fc1
SHA256

4f8843fa6b3ffbbf5ff010895defef65e7efe527d5739c0cf12ce80681d45e73
SHA512

158cbc8d5ceef8e2b29495714e2e8c6bae27c3fde8ce02b2683459d56f1684c9b3b563eb820e3c1b0d274cb5276289b2e7ede67e0bd4d1e9b0743ad3c3ad2fc4
SSDEEP

196608:AavIYmiGHyBLsLGv8f2RnMsdbSfA2gr8bFljhJ:rIziGHyy6zPhSfA78RZhJ

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

4f8843fa6b3ffbbf5ff010895defef65e7efe527d5739c0cf12ce80681d45e73
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1000KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 12.9MB - Virtual size: 12.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ