37749076b67e9281adef9eacdd9f2067d5453f170970bcf0aa1de60383fe077a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37749076b67e9281adef9eacdd9f2067d5453f170970bcf0aa1de60383fe077a
Size

848KB
MD5

4d315bee320517174c0fdffa3e199d0a
SHA1

f91882578a34456a866cceb4717fd6086991c1dd
SHA256

37749076b67e9281adef9eacdd9f2067d5453f170970bcf0aa1de60383fe077a
SHA512

a8db62fd07165342d24b37c745499c1415a2c6d40c5057b96f8f74a0595b248d686b2ed011d83ba4adf5bbbaa3ee162701eeeb5a85c07b4daaca18ae45b602d6
SSDEEP

24576:9zcSGcOb+pFZJln+U+/hlJ+/VkVtBlOra:VcSG6F5+U+5uVI/Q

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

37749076b67e9281adef9eacdd9f2067d5453f170970bcf0aa1de60383fe077a
.exe windows x86

b3f35ab8842b123dd3fde8cfcf88fd43

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaI2Str

kernel32

SetUnhandledExceptionFilter
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 836KB - Virtual size: 835KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ