7599a312419bcf5edda82f7c53334e4002a8c4d0df06c4a1a89ef0d6c9c7cdae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7599a312419bcf5edda82f7c53334e4002a8c4d0df06c4a1a89ef0d6c9c7cdae
Size

704KB
MD5

009c55d9d21c1bfcf6b50fc8825be733
SHA1

bd70dfbbe36fa071e94b427ec99a0481a4b14023
SHA256

7599a312419bcf5edda82f7c53334e4002a8c4d0df06c4a1a89ef0d6c9c7cdae
SHA512

6f3b7b92dc8d234a2db8a949df8f6f0cdc124a397e547f54877b24698198703805e381a9a72578da08226eae04c47f9e95ca357aa08eb4bad46cbeb071806ec5
SSDEEP

12288:HuIFr/KCLacuFD1q396F4kV+T5pbVmXtIKyLJ9eg0aLqN7j8V47bnrnXpGt5L90y:OIJKCLavM4j+ke119eN6V47TTpILiDLq

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

7599a312419bcf5edda82f7c53334e4002a8c4d0df06c4a1a89ef0d6c9c7cdae
.exe windows x86

679f57e61f9b5978d44601f24e90d9de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetCurrentProcess
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfRaiseIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 687KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ