b98920e1275c325dcdd055473576759844eecdab37d5020daecb6810d47aec1d | Triage

Sharing

General

Target

b98920e1275c325dcdd055473576759844eecdab37d5020daecb6810d47aec1d
Size

180KB
MD5

69b99b678c3ccf72f8578b5b56a7f975
SHA1

d982466ca5b86d10a371639fa6d03165eb13834f
SHA256

b98920e1275c325dcdd055473576759844eecdab37d5020daecb6810d47aec1d
SHA512

3ddee5c7a391518007d14ca672d394a46c45d1610c8a760f51ca471195fcb6186f42618dc47da360a39e9a6305c7ff05cdb8ae4a1ecc9e856a6b6fa28ee3391d
SSDEEP

3072:GRixf7CwU5rsVnY/8zvN2R9D/3qbpC6dnXHkketppLYCJ4HJeXkzPLuLlKNPxVn9:GKVnY/8zva/0pCqUkefJ4HJ9zjjN5To8

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

b98920e1275c325dcdd055473576759844eecdab37d5020daecb6810d47aec1d
.exe windows x86

2815a26316831738d3675416954567f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 722B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ