MicrosoftEdgeUpdate[.]exe | Triage

Sharing

General

Target

MicrosoftEdgeUpdate.exe
Size

4.9MB
MD5

8223e55c97c61478aa4230b2ca498a38
SHA1

a42c6d401fbf798806c5fe85c47cc047c189e486
SHA256

496b8bd286c915005f3c55317df916ec79ad773e7b88e7f52ae7019f2f071ba7
SHA512

5a2f32412d677e22602e0155a70328d9836e06eb26f59b6872b902fd044a7fb1011e066696018ae3db018282169e47e00aea3a861643662746543ab5f4d2f93d
SSDEEP

98304:NKB0rS8yY+gIpexlkt2GguS8qth97fOMFz7lFrL8XE:8BaQgGft2hqeh97fOmXlFk

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

MicrosoftEdgeUpdate.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ