5d40296af65b3166e4b17048520351b8867be892d47d711223cb3daaaad07e1f

Sharing

Copy URL Twitter E-mail

General

Target

5d40296af65b3166e4b17048520351b8867be892d47d711223cb3daaaad07e1f
Size

813KB
MD5

7bd362cd2e7935850ce5467a9df3996e
SHA1

6f2d416970a1a7582fd264f18aa433aa3cd44f62
SHA256

5d40296af65b3166e4b17048520351b8867be892d47d711223cb3daaaad07e1f
SHA512

716588017c0c48deae0431e16bd4cc2e91aa3ca7c69b08b4f6019d70b1876335a2d52393fd05fc6e12319946fbf86b1b1e5afcca276857dc1a0ed6b0ae7ed171
SSDEEP

12288:gGvPlWzNmhXT+CAq4SKWjnBLRphFMCOxqj6s2TFQBbIQ5vlqN/D:XWJEXTAqxKWjBLLN62FI6Q

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

5d40296af65b3166e4b17048520351b8867be892d47d711223cb3daaaad07e1f
.exe windows x86

dfd27743774d1d7dad3daf28d4bfcb1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmMapIoSpace
MmGetPhysicalAddress
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeGetCurrentThread
IofCompleteRequest
RtlAssert
KeDelayExecutionThread
KeSetPriorityThread
MmUnmapIoSpace
KeInitializeEvent
memset
IoAttachDeviceToDeviceStack
ObfDereferenceObject
ObReferenceObjectByName
IoDriverObjectType
IoDetachDevice
_except_handler3
PoCallDriver
PoStartNextPowerIrp
IofCallDriver
memcpy
ZwSetInformationFile
ZwFsControlFile
ZwCreateFile
RtlInitUnicodeString
IoRegisterBootDriverReinitialization
KeSetEvent
KeWaitForSingleObject
ZwWriteFile
ZwReadFile
ExAllocatePoolWithTag
ExAllocatePool
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
IoFreeIrp
IoBuildAsynchronousFsdRequest
_allmul
IoVolumeDeviceToDosName
_alldiv
ExfInterlockedInsertTailList
IoGetCurrentProcess
PsGetVersion
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
RtlAppendUnicodeToString
wcslen
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
DbgPrint
PsGetCurrentThreadId
PsGetCurrentProcessId
ZwQuerySystemInformation
RtlCompareString
strncpy
strlen
MmGetSystemRoutineAddress
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
strcpy
KeInitializeApc
KeInsertQueueApc
MmMapLockedPagesSpecifyCache
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfLowerIrql
KfRaiseIrql
KeGetCurrentIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 723KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 811KB - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfd27743774d1d7dad3daf28d4bfcb1b

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 19KB

.rdata Size: - Virtual size: 460B

.data Size: - Virtual size: 1KB

INIT Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 1KB

.vmp1 Size: - Virtual size: 723KB

.vmp2 Size: 811KB - Virtual size: 811KB

.reloc Size: 512B - Virtual size: 248B

.text
Size: - Virtual size: 19KB

.rdata
Size: - Virtual size: 460B

.data
Size: - Virtual size: 1KB

INIT
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 1KB

.vmp1
Size: - Virtual size: 723KB

.vmp2
Size: 811KB - Virtual size: 811KB

.reloc
Size: 512B - Virtual size: 248B