513a7981809e7d040b4a3f122ed713320da26ce63f1a1decb49fbc128eb8d3d3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

513a7981809e7d040b4a3f122ed713320da26ce63f1a1decb49fbc128eb8d3d3
Size

719KB
MD5

39b0a56eeb9ed384f1c072bede63153b
SHA1

a9060ae0c6b47c44714affcd2b4bd4c4c07ba4c2
SHA256

513a7981809e7d040b4a3f122ed713320da26ce63f1a1decb49fbc128eb8d3d3
SHA512

19161be907d8eafc53a00b95aeeb2cb38eeb8fa22c1de22ea9ec0dd3c17f2366ee4548c41b946009deb4d594e1038a9a095da35aa0655ece2db9e02782951254
SSDEEP

12288:Vbi7wGNjwXG6qEmNibSDg3bnZ8nvLLgVBoUm4oOUGmKfAbD4B8UeIHx6rv/bhSg0:VG7wGIdINi13zZ8njoof45IH4e1Xz/bE

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

513a7981809e7d040b4a3f122ed713320da26ce63f1a1decb49fbc128eb8d3d3
.exe windows x86

4eb2f84985b4b8af477d4a053becf3d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwQueryInformationFile
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KfRaiseIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 718KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ