be2bbcceab60d0f7c1fd777cb3de1008772fa96282402abac6dd495f5b414203 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be2bbcceab60d0f7c1fd777cb3de1008772fa96282402abac6dd495f5b414203
Size

941KB
MD5

6b47867d7d168d3e519e6f8370ce6b10
SHA1

67029b25797f7740b6abf00fe3a739b708dfc8ce
SHA256

be2bbcceab60d0f7c1fd777cb3de1008772fa96282402abac6dd495f5b414203
SHA512

9dad1bed700ffb5204eac1a1418389ac22a505bccb0939ac8333d092887f5d264589ac27eddd88df8e2b6a0d1d6c34387129244d55400270f61909d32ad49c96
SSDEEP

24576:bGIjxASCWFUGnrk9eppzZiSoZ1hDJ2qVIfFzGpB9FXFRIbsMkV:aenq8pzg/ZDJ2qVIfFzGp7FXQbs

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

be2bbcceab60d0f7c1fd777cb3de1008772fa96282402abac6dd495f5b414203
.dll windows x86

eae4fbcf50b8fea3f988b82ebb900f96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersionExW
CompareStringW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

EnumWindows

iphlpapi

GetAdaptersInfo

winmm

timeBeginPeriod

Sections

.text
Size: - Virtual size: 900KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 939KB - Virtual size: 938KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ