f8a8637de6ed481ff46fb9da859ad76fa147d20d107c85cf9b8b93940df10f09 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f8a8637de6ed481ff46fb9da859ad76fa147d20d107c85cf9b8b93940df10f09
Size

201KB
MD5

4556013b048197ba2eb6fe666aa55d88
SHA1

bbd9453ea957574d8f11e91b70d2aec1aeea5cd3
SHA256

f8a8637de6ed481ff46fb9da859ad76fa147d20d107c85cf9b8b93940df10f09
SHA512

55b0ff4374adc9fc466933a6525193c4613d76234e0c95e3dd053e689b991f564a02d67936d979f693f8ccd5e2125038ff54d6b2e43b6b1ee43ef6ca44e2a9e8
SSDEEP

6144:NK7m7cJ+AG5tFahXm9B32P+0Ix39NmQqDOfNvVi:28cJ+75PahIBm4xtNmQqChk

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

f8a8637de6ed481ff46fb9da859ad76fa147d20d107c85cf9b8b93940df10f09
.exe windows x86

3fbad927aeb9f1ec50f749eaed9685f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
MessageBoxA

advapi32

ControlService

ntdll

NtCreateFile

kernel32

TlsAlloc
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ