c8ece304cb53d61231f48490a5e5e7ba73a7633bf1c3e497c7b5b53a1757ca69 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8ece304cb53d61231f48490a5e5e7ba73a7633bf1c3e497c7b5b53a1757ca69
Size

124KB
MD5

d67f5ee0492ce878692602145f27fee3
SHA1

50d13152f78814a901e1f08d4de22297a4f27585
SHA256

c8ece304cb53d61231f48490a5e5e7ba73a7633bf1c3e497c7b5b53a1757ca69
SHA512

6083b6f117615eda6be5af8afdc7e978be706dae3a9e4989126cdc0310f96f05891bf70f363bd633d6db732ed1032cf4dc84a911fd68131f80841146e897ace4
SSDEEP

3072:0oEpyerHxMCFuFF+mtV+bGLIAh/u02swj:1EDxdIR+bG8vTj

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

c8ece304cb53d61231f48490a5e5e7ba73a7633bf1c3e497c7b5b53a1757ca69
.dll windows x86

11c4e2d0439134b7ec42a8fdc86791dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LoadLibraryA
VirtualProtect

user32

MessageBoxA

Exports

Exports

ApiHookChain

Sections

.text
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ