7049eddd718c2cd2c97226289a488d0705ea81c98e1dbf7365db5c5c11970124 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7049eddd718c2cd2c97226289a488d0705ea81c98e1dbf7365db5c5c11970124
Size

605KB
MD5

9c509842eab134772dd0f03e066dc698
SHA1

8c009eab8ed84187aafcad303f034eb74cad1e01
SHA256

7049eddd718c2cd2c97226289a488d0705ea81c98e1dbf7365db5c5c11970124
SHA512

31c1c7758c0a0517c121ef5b42b78ec7ac0128f086bf97109bc6c8eb953cf61ae1ef1e2e9b1248e70c9da344b09f2d063c1130f4466d0694ec2e48b881d32e65
SSDEEP

12288:+gdJR/6VFyhKr52qaWMxtqIjpA3fITvOxy5FF6iuNhSrP:+gFXKr527rxtemOxIIiSw

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

7049eddd718c2cd2c97226289a488d0705ea81c98e1dbf7365db5c5c11970124
.exe windows x86

cc989d62f07bff1e971917040eea1b16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA

Sections

.text
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE