6f9eb9ba24a4d6a4c43b9751fe9caa3e2f5aee813730f89376922ad67198b3e3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f9eb9ba24a4d6a4c43b9751fe9caa3e2f5aee813730f89376922ad67198b3e3
Size

168KB
MD5

a0653cf52e0178fa2ece8019ee21e3d0
SHA1

905aad063718efaea4c0928c48cafe1479d356b7
SHA256

6f9eb9ba24a4d6a4c43b9751fe9caa3e2f5aee813730f89376922ad67198b3e3
SHA512

a0fd6b36e64da03680e1f6590df4839f4b777ecf8b235552cec807c9a953845625dc1709f73d1dbf1aadc611c2fda13721b1e9aabecd71ce7223ddb2bc07b3d6
SSDEEP

3072:I4MkafBWAVeAbnz1pNRnDDxGteTaJiGEBAfChihJCAa/6bQianyGb90KwfCEZPPd:I4MpseTbnz1/hDIO8ibBkh8h/5ianTqh

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

6f9eb9ba24a4d6a4c43b9751fe9caa3e2f5aee813730f89376922ad67198b3e3
.dll windows x86

e2cf99944b9db3a78d4f29ef94e67ef5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics

gdi32

GetPixel

Sections

.text
Size: - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ