a752b7bf116097459c3e7085f68ec6df7ff119404e90692ceadce30fbb7f5929 | Triage

Sharing

General

Target

a752b7bf116097459c3e7085f68ec6df7ff119404e90692ceadce30fbb7f5929
Size

47KB
MD5

8e7cfc03c55ae8f0394fb788400fedb7
SHA1

052129bfd4135a3e6b04f6489798851f37953158
SHA256

a752b7bf116097459c3e7085f68ec6df7ff119404e90692ceadce30fbb7f5929
SHA512

c2915e86d17f836cfa6c8dea399ff3ffd3c83667248e8eb2a238c338f1f2fd06e7c9ba49c44b6d06fb27b0e15684824222210c867f2ab6a352e462f097743ba1
SSDEEP

768:G25O83Ff86gQG1NbZ64ix5ibqT0UCY0YHwJbrW8ClnjoUe3Elkns6JVTVfIqGPdL:xJFf/gQG1NV6Nx5040UoYHwJ/W8On0Uf

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

a752b7bf116097459c3e7085f68ec6df7ff119404e90692ceadce30fbb7f5929
.dll windows x86

4d53f5f1134e09d5d91eaca897235d03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_strnicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3
memset

kernel32

HeapDestroy
lstrlenA
WriteProcessMemory
VirtualProtect
MultiByteToWideChar
LocalAlloc
lstrcmpiW
LocalFree
FreeLibrary
HeapAlloc
GetCurrentProcess
HeapFree
GetCurrentThread
GetModuleHandleA
HeapCreate
SetThreadPriority
GetProcAddress
LoadLibraryA
GetThreadPriority

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ