a4229baada8cd37153fdb1aa1b8283c40746376331336daeb084c4062709edff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4229baada8cd37153fdb1aa1b8283c40746376331336daeb084c4062709edff
Size

187KB
MD5

754afbd68131ed19a474650857971360
SHA1

d96caaac1fa52cf6ea07a7e80768191145a6b37b
SHA256

a4229baada8cd37153fdb1aa1b8283c40746376331336daeb084c4062709edff
SHA512

1d1966ca2ebdce0812fb4f544616ef13a1ef3d77b01359139b8d8819b3100f1d5b2e22ad2320864f1128af709c4917af57d7b762369b33b206950098b6c04987
SSDEEP

3072:B+BC3K5eq+kfiDKrvAAJeE5CAzhD6bssjKfdqRCeZmxLvtQ21LB/JPMwIrs4nK+c:rK7PkcoxVMhD2/AdeZmHQ2N844nK+bbs

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

a4229baada8cd37153fdb1aa1b8283c40746376331336daeb084c4062709edff
.exe windows x86

3fbad927aeb9f1ec50f749eaed9685f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
MessageBoxA

advapi32

ControlService

ntdll

NtCreateFile

kernel32

TlsAlloc
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ