ea2d93060c51d00a50d09cd9bf08765d8d64f3a7f4923d3027576624603adc98 | Triage

Sharing

General

Target

ea2d93060c51d00a50d09cd9bf08765d8d64f3a7f4923d3027576624603adc98
Size

657KB
MD5

de0d068845f22bb19878fd9c579e8343
SHA1

4486d30291dbb8144944a1f24512f9fe42c36ed6
SHA256

ea2d93060c51d00a50d09cd9bf08765d8d64f3a7f4923d3027576624603adc98
SHA512

86abbdfd7aa50a1c4ce10045a419dda227aa1a176d18a0df02be3185d9ea5d42d1248c3a4b0bb60cd616147892db46ae9cdf6f601dd106c505563c310358aed4
SSDEEP

12288:ojtrBTTYv3ZPRTQCucjLdRq2RRSQdGQfWF1r0X0bU/IjvPj0wnh4NgjUhLDK6UvU:o9BT8zTxuWLdRFjd9+300bUQLb0wv4tR

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

ea2d93060c51d00a50d09cd9bf08765d8d64f3a7f4923d3027576624603adc98
.exe windows x86

cc770d7d8e5b523e0e982232a92a1c2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetCurrentThreadId
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeGetCurrentIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ