5d16d8eea20dc451cac9dae550747ce99ace813c87f30faaa8dcb1f91d8b1303 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d16d8eea20dc451cac9dae550747ce99ace813c87f30faaa8dcb1f91d8b1303
Size

308KB
MD5

e6b92e643e7d72bdcdbd571f77943c3a
SHA1

ca02bb4bb345aab6d2858f55cc8246e330a0bfa3
SHA256

5d16d8eea20dc451cac9dae550747ce99ace813c87f30faaa8dcb1f91d8b1303
SHA512

2f2e7a32e0c0484b03367343fa138da6648836bd608e1c58db77cc6c26f06afafe0a7d868758bafbc88fdaee156fb9431c16358ef0e657c3a2488b476a14f775
SSDEEP

6144:cCDgGtMOyIcC+7fzp1mso5Q7j71ajz5RveI1AXgiha:cCDHyIuTzisoK7jyqfXgi4

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

5d16d8eea20dc451cac9dae550747ce99ace813c87f30faaa8dcb1f91d8b1303
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 432KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE