98a2bdeb5af97d22e4e6c189a22de6d3381d9eea8d20743223acbbceb508a764 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

98a2bdeb5af97d22e4e6c189a22de6d3381d9eea8d20743223acbbceb508a764
Size

538KB
MD5

f84cb3d729f423675d81013614547b14
SHA1

b7e10c5e54a5e56bf040f803e863f8a082673a21
SHA256

98a2bdeb5af97d22e4e6c189a22de6d3381d9eea8d20743223acbbceb508a764
SHA512

a35059e6141efdc7ce0c089f468672421590a634390c7160ca575a55922a187766f221f6038d5cc3073660f87a433b26498135667c997ccea977e56a9c0df7b9
SSDEEP

12288:nAkM004LH0t3XgZskeTHfVLVkoJBMJnu6/jCM2d3VegJiyLCesyn:n7biXgZ6NVkyBM5r2Hiyn

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

98a2bdeb5af97d22e4e6c189a22de6d3381d9eea8d20743223acbbceb508a764
.exe windows x86

c2433de8230db2d4d93f7382b4faa1f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCalendarInfoW
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.wwixkci
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ninjzmc
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.isvbhge
Size: 4KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RPCrypt
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 532KB - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ