db14a27ad2a55ecb9c2e0de1fa5b54cdfa4841c5de4f8cfae6b44a49a0dce524

General

Target

db14a27ad2a55ecb9c2e0de1fa5b54cdfa4841c5de4f8cfae6b44a49a0dce524
Size

56KB
MD5

509d774e9c716a467392f15f7bf3e392
SHA1

51a3a085fc8b7b148dd273dcc6a5b19b426d1e38
SHA256

db14a27ad2a55ecb9c2e0de1fa5b54cdfa4841c5de4f8cfae6b44a49a0dce524
SHA512

98a33d8bc2e6cd878d6b7deae01c2eebee3a8c9b6e7b045a9150912c4f7213df2533492838ebb68a10ac05003c63115be5e27fa64a4392862a6904057aed08ca
SSDEEP

1536:toq9Mdmw0zs2K6CYgqsUCUTOqcmdP3Xpc:tGmzgqTpPJc

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

db14a27ad2a55ecb9c2e0de1fa5b54cdfa4841c5de4f8cfae6b44a49a0dce524
.exe windows x86

d86d89738c9bf2d73d51bd3c13a060d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwReadFile
ExGetPreviousMode
RtlUnicodeStringToAnsiString
ZwSetValueKey
ZwSaveKey
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryValueKey
ZwQueryDirectoryFile
ZwDeleteFile
ZwQueryInformationProcess
ZwCreateSection
ZwQueryInformationFile
ZwDeleteKey
DbgPrint
ZwEnumerateKey
ExFreePoolWithTag
ZwWriteFile
wcslen
KeDetachProcess
IoGetCurrentProcess
MmMapViewOfSection
ObReferenceObjectByHandle
KeAttachProcess
ZwOpenProcess
KeServiceDescriptorTable
PsGetCurrentProcessId
MmIsAddressValid
ObfDereferenceObject
MmSectionObjectType
ZwOpenKey
MmUnmapViewOfSection
ObQueryNameString
RtlCompareUnicodeString
ZwClose
IoCreateFile
_wcsnicmp
RtlInitUnicodeString
_except_handler3

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1024B - Virtual size: 750B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d86d89738c9bf2d73d51bd3c13a060d3

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 22KB - Virtual size: 21KB

INIT Size: 1KB - Virtual size: 1KB

.vmp0 Size: 1024B - Virtual size: 750B

.vmp1 Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 448B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 22KB - Virtual size: 21KB

INIT
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 1024B - Virtual size: 750B

.vmp1
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 448B