f4ebd9fa84540411d5783228a59802c9e5ee1e833725b6ce25d8155c0cc57fc1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f4ebd9fa84540411d5783228a59802c9e5ee1e833725b6ce25d8155c0cc57fc1
Size

181KB
MD5

62cedd628b20a7197338e5a805ef1998
SHA1

df818bd3206481734ea2699aede7bd703681259b
SHA256

f4ebd9fa84540411d5783228a59802c9e5ee1e833725b6ce25d8155c0cc57fc1
SHA512

4e78e5ac8916fba42f5d7ff849b4ce9ac40c5f9fc024e6d5c37cd21735a2226c22d3a12354071b4b15905dbe8d9e2f00d6f71280940d4dc45ca085227d1332de
SSDEEP

3072:C+BC3K5eqZAzDhLass30ox1IGFMf49sBHCYwRDKw/HHAW32a57rUxcxjDg7Bshst:6K7ZuhLaLnkGx5Kw/N32MwEgBicG7I

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

f4ebd9fa84540411d5783228a59802c9e5ee1e833725b6ce25d8155c0cc57fc1
.exe windows x86

3fbad927aeb9f1ec50f749eaed9685f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
MessageBoxA

advapi32

ControlService

ntdll

NtCreateFile

kernel32

TlsAlloc
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ