bf444dd434f8fcd49a7529a4f99270c390cbb24825243fa26848ebac16bfc782 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf444dd434f8fcd49a7529a4f99270c390cbb24825243fa26848ebac16bfc782
Size

80KB
MD5

af6638cb72c52ca1ede2545222d4db23
SHA1

c0ae30f913429adffc0ad01e66a37d68075bceb7
SHA256

bf444dd434f8fcd49a7529a4f99270c390cbb24825243fa26848ebac16bfc782
SHA512

6222895e6a17a14607057eff7e87c9b1b2116d8f66b1eee6fcaee25e099cba59613f97e0713a80c4f5af766b0094554509008f2fc27d42677de2f8b31238c4b2
SSDEEP

1536:Kf97eNY03VLW0IJZLbv83LVN1clwKoZI73rXN3QChyl6xDHcKD:KfY5VLKDDqLVNAwzZsbXVQChi6xR

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

bf444dd434f8fcd49a7529a4f99270c390cbb24825243fa26848ebac16bfc782
.dll windows x86

e4f5c20014ef7fd9713752ac2cebf00e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord354

msvcrt

_stricmp

kernel32

WinExec
GetModuleHandleA
GetProcAddress
VirtualProtect

advapi32

CloseServiceHandle

shlwapi

StrCatW

Exports

Exports

testall

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 806B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ