f1b3de6b6bd097f782b42adf221097c9766ff80a28f4e467270b6ff2719041ac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f1b3de6b6bd097f782b42adf221097c9766ff80a28f4e467270b6ff2719041ac
Size

166KB
MD5

745064fecef523861aadc1bc7cf798bf
SHA1

66aae397712c4ce08e1a8bb7638b4c2f58a246cb
SHA256

f1b3de6b6bd097f782b42adf221097c9766ff80a28f4e467270b6ff2719041ac
SHA512

25484790a30f19df92d5a716ebb6c9e58d97e17c477f99aa122b96106e7397cc0c8e65a80e3c9cdade1184530cf9f0e9e68ac8cdb35924be0b1c1dc9532bd460
SSDEEP

3072:e+BC3K5eqOlWFXafk2Au47Z/PxEKjtsW4TCBbmXuXasuQCaBW1z:uK7OlWMfkPLNHxJjX4OBq4asaNV

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

f1b3de6b6bd097f782b42adf221097c9766ff80a28f4e467270b6ff2719041ac
.exe windows x86

3fbad927aeb9f1ec50f749eaed9685f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
MessageBoxA

advapi32

ControlService

ntdll

NtCreateFile

kernel32

TlsAlloc
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ