d24eb7271f72999f9b330a4fbce8ba6905362cdcc6db41be0c6039f7a783430b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d24eb7271f72999f9b330a4fbce8ba6905362cdcc6db41be0c6039f7a783430b
Size

656KB
MD5

97a9a895cc61bf7bdbadbd693431a1a8
SHA1

f2dbc1c58848d55998f5050d77f2578d528b8cb3
SHA256

d24eb7271f72999f9b330a4fbce8ba6905362cdcc6db41be0c6039f7a783430b
SHA512

f153f6626211e0c09b2eaa555fbb13a6f469fc3ab3126363d46d093f397e6d75c6b81d34f7e621775c3f66c0c19c8790c7957b919aff8aec0dbdf105642f99bd
SSDEEP

12288:8kviU5ymZdwmyDSRKwzMU17RGkFMmNuZB5pK3VzU:RKoy2yAjGTrjMZU

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

d24eb7271f72999f9b330a4fbce8ba6905362cdcc6db41be0c6039f7a783430b
.exe windows x86

4d9ac702c9c9212c25bdc092faf0dd53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfLowerIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 655KB - Virtual size: 654KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ