f02039a77435a427a6f4702730db933bb43c5fea913c2b0323f914f09e6e1c90 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f02039a77435a427a6f4702730db933bb43c5fea913c2b0323f914f09e6e1c90
Size

102KB
MD5

1bc44285a2489ad48e46b57fceff45c0
SHA1

abc47e3bc312facc4f6e5ee542f41b8e41181160
SHA256

f02039a77435a427a6f4702730db933bb43c5fea913c2b0323f914f09e6e1c90
SHA512

84b67099fb39a016d8ae695a40fbad4b019901b3334137f65e96b890be4412e32af8c910b1b8b7f00e74150da66777c7435027bde228db0d5e6bc68254511d73
SSDEEP

3072:I3U/7bkUf/9T5n3KvDiQjbwMMHbgm8JeHfEiH/CIPEAAMm:jX/9NnavOBrbgm/cifCeEAA

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

f02039a77435a427a6f4702730db933bb43c5fea913c2b0323f914f09e6e1c90
.dll windows x86

441dca97591f778e27c6c27759487e24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics

gdi32

GetPixel

msvcr90

_lock

Exports

Exports

??4CFULLCF@@QAEAAV0@ABV0@@Z

Sections

.text
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ