efbf08781cb381be1dd91c8e0f1095e9056612cd1acf5da1445401eed21b5319

Sharing

Copy URL Twitter E-mail

General

Target

efbf08781cb381be1dd91c8e0f1095e9056612cd1acf5da1445401eed21b5319
Size

48KB
MD5

1e144120ac13f8c3e92cd7297d0f11c5
SHA1

1cd04d3bd8c54f6f8bfd626696d0827099e79053
SHA256

efbf08781cb381be1dd91c8e0f1095e9056612cd1acf5da1445401eed21b5319
SHA512

e9df2df62aee5dcfa593e8d673cc6b69884c82464174aa7f1c3a14524f9c3970da4fc02daffd64a034960baf198ffabb6958f3d7b4add74dd3004541dd64842e
SSDEEP

1536:psukY0Lv2Ga2P6AMVDjfp4Ssta8/WS9FcX:psuk5hPcXKSB8uQw

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

efbf08781cb381be1dd91c8e0f1095e9056612cd1acf5da1445401eed21b5319
.exe windows x86

dc2dd904b080953a340f6f94424c3c8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeUnicodeString
IoAttachDevice
RtlAnsiStringToUnicodeString
RtlInitAnsiString
memset
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
DbgPrint
KeSetEvent
ExfInterlockedInsertTailList
ExAllocatePoolWithTag
IofCallDriver
RtlAssert
PsTerminateSystemThread
KeWaitForSingleObject
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
IofCompleteRequest
ObfDereferenceObject
ExfInterlockedRemoveHeadList
IoDeleteSymbolicLink
KeReleaseSemaphore
KeSetTimer
KeInitializeTimer
IoDetachDevice
ZwCreateFile
KeInitializeSemaphore
KeInitializeSpinLock

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 512B - Virtual size: 310B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc2dd904b080953a340f6f94424c3c8e

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 176B

INIT Size: 1024B - Virtual size: 832B

.vmp0 Size: 512B - Virtual size: 310B

.vmp1 Size: 24KB - Virtual size: 24KB

.vmp0 Size: 1024B - Virtual size: 688B

.vmp1 Size: 14KB - Virtual size: 14KB

.vmp2 Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 176B

INIT
Size: 1024B - Virtual size: 832B

.vmp0
Size: 512B - Virtual size: 310B

.vmp1
Size: 24KB - Virtual size: 24KB

.vmp0
Size: 1024B - Virtual size: 688B

.vmp1
Size: 14KB - Virtual size: 14KB

.vmp2
Size: 1KB - Virtual size: 1KB