cef4ce751c29057c5935d2253d8c5a8e208a9bf83b3ff62ea3fd18b467f2716a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cef4ce751c29057c5935d2253d8c5a8e208a9bf83b3ff62ea3fd18b467f2716a
Size

178KB
MD5

f093b7fa5d17444de9d3d6cca20b0ef4
SHA1

b7ffff09da98bd2a2a5af3e8be415b1267512a47
SHA256

cef4ce751c29057c5935d2253d8c5a8e208a9bf83b3ff62ea3fd18b467f2716a
SHA512

8773cdc3a2b536f2b62b34f2a92461125030bd12ac56fb02a4b23621ab3c54b07651b69faa357b742a3e05c8dce82183cc8e621d4eb308199cfacfe396b45361
SSDEEP

3072:WqzXlL8hjg+6ueREB6JTaHsmPBx1yvr8g1uGQWhj354Pb0YgC9I:WqJz3uzm8PhyvIjM7qPb05C9I

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

cef4ce751c29057c5935d2253d8c5a8e208a9bf83b3ff62ea3fd18b467f2716a
.exe windows x86

e7db183913c07f9b7ed77bc716af3c5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetCurrentProcessId
DbgPrint
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeGetCurrentIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 946B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ