OverflowLoader_1-decrypted[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OverflowLoader_1-decrypted.exe
Size

4.4MB
MD5

1566b360399635ee37b4ebe2158718fa
SHA1

cb61955c9afb15ce1aeefeb4c08577d661a3bbb7
SHA256

a7a551392fe0866d447c53126da96897965f98a78bce2ecd76fb1717468b6a5e
SHA512

247c18ea16bc0808ecf13919eef27c1b1423b7b698856e40b82dfe0a0e234213acb5d96495edc4708aaa9448728c155260bff289fc689646bd2c79b30fcd0d16
SSDEEP

98304:RHq3Ym5daZdjObRpK4Y9OLTAFg5dNoHq3Ym5daZdjObR:tq3YmOZdJnWTsgmq3YmOZd

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

OverflowLoader_1-decrypted.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ