f6ef4563d5adacfc7432ff3dfd340c50a914b4919235180552e7f4f270542bf1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6ef4563d5adacfc7432ff3dfd340c50a914b4919235180552e7f4f270542bf1
Size

409KB
MD5

0821d0aad4e2619e66eb271f4a67e8e1
SHA1

1eb8ad3660fe0822c4593381942d028a94f48cf0
SHA256

f6ef4563d5adacfc7432ff3dfd340c50a914b4919235180552e7f4f270542bf1
SHA512

a7d3c19f9f4524591af99f9d9a6765ffed78794294a17fb41abe50e66619157d0ef79fda2c37a1e859fbc96f4dea2fd4530caac207112b08d9f0f68c91cf12e5
SSDEEP

12288:v6RpfAnL/g7MiLNJjUBQlh2xKUMDkQObtBK4BfSgv:CQQUMqZENgv

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

f6ef4563d5adacfc7432ff3dfd340c50a914b4919235180552e7f4f270542bf1
.exe windows x86

11cbdfb47fdc9152560598c88ea044f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

LoadCursorA
MessageBoxA

advapi32

RegEnumKeyExA

ole32

CoTaskMemRealloc

oleaut32

SysStringLen

gdi32

GetStockObject

ntdll

RtlFreeHeap

Sections

.text
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ