f13fce55e096f6188f7d5688d0afff6f9dd95db64fb976e2ab3b142a9a07a987 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f13fce55e096f6188f7d5688d0afff6f9dd95db64fb976e2ab3b142a9a07a987
Size

41KB
MD5

deab54b5a3d631f9c965e06810a62fba
SHA1

a0ce66c791036440ec3cf00e96d8c69219c79db5
SHA256

f13fce55e096f6188f7d5688d0afff6f9dd95db64fb976e2ab3b142a9a07a987
SHA512

6754c56e8f4aca64984659164d0f7e6d57b43d456dde83cc2913b788c0d2ffd2b066d77a90a5f8e376331aa9972fcc4712dd01a1fd7467c246799623e9f4c8ab
SSDEEP

768:SfVMAGt57LbjkM3KWqgiReTT2OE5OWkiB5Vz6M7yZ4325O2knXdkn1HYV:SdMAGt57LbYM6mx2OE5OW+AyZo4a6Nk

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

f13fce55e096f6188f7d5688d0afff6f9dd95db64fb976e2ab3b142a9a07a987
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ