e869401f52d6d6c1357cb79c64c9074036173f0a555f3e198b5a1faeb65d5464 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e869401f52d6d6c1357cb79c64c9074036173f0a555f3e198b5a1faeb65d5464
Size

117KB
MD5

17a68b4cadd043dab67ac5e0550c4c3c
SHA1

3ad69d244e24f9aad61e8c008668ddc7e6effd88
SHA256

e869401f52d6d6c1357cb79c64c9074036173f0a555f3e198b5a1faeb65d5464
SHA512

5489666fd5928da173ad3886f438e258e70c15e81ab7143c7e06bb9cb84e68e21285e77b46ada5c457cf67782b2c9441078279052ec53032d189942d4834e32c
SSDEEP

3072:Lp3o3nG1FejbzVfKH6awh0WIoHQ8CLr6VQ19PbhePd:Lp3o3G1FejbS6dlt9CLuQ19Pbhe

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

e869401f52d6d6c1357cb79c64c9074036173f0a555f3e198b5a1faeb65d5464
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.nsp0
Size: - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ