c8f9ff38bedbfb66526669f0bbb587bb8dcf91ab3a03aa7606d42dcdd8877ffa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8f9ff38bedbfb66526669f0bbb587bb8dcf91ab3a03aa7606d42dcdd8877ffa
Size

408KB
MD5

fe6622014a2774fc1d73e4d971168aa7
SHA1

242c9caf0bdaf86d483114ae7247ee8faee8102c
SHA256

c8f9ff38bedbfb66526669f0bbb587bb8dcf91ab3a03aa7606d42dcdd8877ffa
SHA512

b62ee0e11405ddb23a84a54ea22d3ebb05def9440eef2803a8d038c40fda2085eb035bc04b519b300fe3b4394eceb9c01cec05a1a57852a337b5bb9a801da50f
SSDEEP

6144:hKkVQxrxKhWu6ujwUvj3iIHOyy86NUDqKfgnqYBuGwfu3Jg:ofxrxKXlPjyIHOFNOhYp3Jg

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

c8f9ff38bedbfb66526669f0bbb587bb8dcf91ab3a03aa7606d42dcdd8877ffa
.exe windows x86

11cbdfb47fdc9152560598c88ea044f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

LoadCursorA
MessageBoxA

advapi32

RegEnumKeyExA

ole32

CoTaskMemRealloc

oleaut32

SysStringLen

gdi32

GetStockObject

ntdll

RtlFreeHeap

Sections

.text
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ