b184fe8dc6f20896b9b0bc886b75bace8ac89f14095ae30a57f1c89304b6deeb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b184fe8dc6f20896b9b0bc886b75bace8ac89f14095ae30a57f1c89304b6deeb
Size

156KB
MD5

385413831a39f1b84b91b1aefa97240a
SHA1

9be1b5449a2231da4becb8fd6f2d9f891361e4bd
SHA256

b184fe8dc6f20896b9b0bc886b75bace8ac89f14095ae30a57f1c89304b6deeb
SHA512

11133a3e195eb9d82a4c6907efe4a6206ec29d89f602d3f804a1bad586275488353bf8a0ff80bde0bc7c02346089c2efabd9c970aea07657b8634dfd4246a4a5
SSDEEP

3072:Xml4DpP4E0Qlz7evBSVGNVT4fyCsxRAAW9AW08:XPlB0unRVGNVUfyCsxmSf

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

b184fe8dc6f20896b9b0bc886b75bace8ac89f14095ae30a57f1c89304b6deeb
.exe windows x86

8b8d7d886db5df95907d468189708634

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823

msvcrt

_controlfp

kernel32

FreeLibrary
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

SendMessageA
MessageBoxA

comdlg32

GetFileTitleA

ws2_32

recv

iphlpapi

GetAdaptersInfo

wininet

InternetReadFile

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ