b59185dce709153f1b429560d62264bd9a282826383c6bf627e4afa92ad244aa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b59185dce709153f1b429560d62264bd9a282826383c6bf627e4afa92ad244aa
Size

200KB
MD5

c1d3b0f90ab87edef1f2ceed87932760
SHA1

291a3ec668c6cab1a3293c832a2a30605bc7e569
SHA256

b59185dce709153f1b429560d62264bd9a282826383c6bf627e4afa92ad244aa
SHA512

205f4d642392c78a54fb3fbf638a0388628957a0e24e88e06aee8ab48f39173f11064c50aa981e7286e4836ce274d730b77d9b60caea7b9d5250622e1e6dd087
SSDEEP

3072:iy0/H2Gj4aBvECfTlKS/XkglMpeb+6eR8uGVrXe3p7/qb5a:iy/evvECfTA5eAR6exMe1/e

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

b59185dce709153f1b429560d62264bd9a282826383c6bf627e4afa92ad244aa
.dll windows x86

42c035c471baa12b9aa5de5bedc1cf69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeFormatA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ