570ed5e0a43fabee33d69191073bd5270c7d23430da8b41408025f709e01cf0b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

570ed5e0a43fabee33d69191073bd5270c7d23430da8b41408025f709e01cf0b
Size

736KB
MD5

e946fc69a66d20dc72d101d86d852bb5
SHA1

8f0a1eab4ffce203d16e6255b09f674aa0131342
SHA256

570ed5e0a43fabee33d69191073bd5270c7d23430da8b41408025f709e01cf0b
SHA512

8d729bff48e9510b6ede54f6573d64a032da91564704f1cde8495fca9d33e55f03d22123d74133a769b37ca251b2ebd7a0e8ba71f75e69f6c296e91621f1be16
SSDEEP

12288:xmG7Nz6EeQD4b9+haFmdmmohyhAVzQdWhjPOIF2VgT88MOWSNaNIIRw+Gk4I+3tZ:gG7EuOAAYVy3jZcVgTdzWSYIItz4Ryv+

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

570ed5e0a43fabee33d69191073bd5270c7d23430da8b41408025f709e01cf0b
.exe windows x86

3cda15de1ee49f090d18d3182950d380

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeSetEvent
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfAcquireSpinLock
HalMakeBeep

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 990B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 734KB - Virtual size: 734KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ