b5b50330389153948106c9a4021df17b107249c5096b118c3b1db20012781950 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5b50330389153948106c9a4021df17b107249c5096b118c3b1db20012781950
Size

156KB
MD5

ee567ceed435d2cf9c6161d8c6b20817
SHA1

3255c0bc6ef1eb4bcf4c8279def62a1a37151c0c
SHA256

b5b50330389153948106c9a4021df17b107249c5096b118c3b1db20012781950
SHA512

a718fb26b826bfaba1a55cd7ad6f5ddadeff17e0b0cf398b822a256f10615dc6d17cacc6407b5e66a7ca14b0fded2d61562175c4a1170f759652c72f6b8e3bf0
SSDEEP

3072:6Fw9UpOi+LWABCSKGfqvSrbga9ev7FallogUJ9gMVm2ZUhSkr:UwqgWPGfvYa9ezsloL0um2Ir

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

b5b50330389153948106c9a4021df17b107249c5096b118c3b1db20012781950
.dll windows x86

201b8f38663f9b28c772bcf0ab03d662

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDC

gdi32

TextOutA

advapi32

RegCloseKey

Sections

.text
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ