096c0ece1c3e4ec6e71f5de783385e9d563c85b6141a762bc79f301ac856c1de | Triage

Sharing

Copy URL Twitter E-mail

General

Target

096c0ece1c3e4ec6e71f5de783385e9d563c85b6141a762bc79f301ac856c1de
Size

268KB
MD5

cf3147f7166f12e58fdeb42349517659
SHA1

20ce3c10cae809eaa39e2b14c7df9cc22a2c3b55
SHA256

096c0ece1c3e4ec6e71f5de783385e9d563c85b6141a762bc79f301ac856c1de
SHA512

2926168dd0631bbe27b5dda8d0e363d6e326085ad7b36651964575c642d428e38884c0d9bccd3bbc6fad765920d891b2b21668d7bbdbba864dfda2c03a7f65f7
SSDEEP

6144:IdvEi9BabBL7pbjW6t7E5fjfhWO9kfdkqf/xTJ:Ih7UV7xrE5fjZWpfdDf/1

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

096c0ece1c3e4ec6e71f5de783385e9d563c85b6141a762bc79f301ac856c1de
.exe windows x86

71325cca1538100ca29d295e537161a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2055

msvcrt

rand

kernel32

GetStartupInfoA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SendMessageA

shell32

ShellExecuteA

winmm

timeSetEvent

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ