file[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

5.0MB
MD5

d1a831bc31ffe84e10053f4dc2b8b7f2
SHA1

bf4ea86ea2a936cb58af1498357cb278726de43f
SHA256

49072bac8573c9e7188774d93c345c9c9d9ee09b8c3a8590a840d1aa2d7a1595
SHA512

f6bf7cfb34f8019a267cb0287a1c819c8a7711dcd5c664101cecd96d2ab5e51a3587c5217bf0da2dc5b22665acddbea32c3c78bfdc8311d6fd2d74bcbbea5472
SSDEEP

98304:jYaUZ8RZum283oxxEYFsC3KIBlLrek0OA8ooQSJbwR09i:jYaZur8BkTLAOAjHgWf

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

file.exe
.exe windows x86

9805e1ce72f7bb09d0e6c7231614ec12

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
LocalAlloc
"�?�lt��/5�n��iF "��"[G9i��#ݻ٨"0.l"G�-o"Pv��I&��K|"��*q"o�;x"�Y-�"��ʝ�{q�W�1[`"y&�"w��"��g��@��
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLi`rary
LoadLi`raryA
GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow
GetProcessWindowStation
GetUserO`jectInformationW

advapi32

SystemFunction036

shell32

SHGetFolderPathA

�rypt32

�ryptUnprotectData

gdiplus

GdipGetImageEncodersSize

setupapi

SetupDiGetDeviceInterfaceDetailA

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 181KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9805e1ce72f7bb09d0e6c7231614ec12

Code Sign

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

�rypt32

gdiplus

setupapi

Sections

.text Size: - Virtual size: 1.5MB

.rdata Size: - Virtual size: 163KB

.data Size: - Virtual size: 41KB

.vmp0 Size: - Virtual size: 1.6MB

.vmp1 Size: 4.8MB - Virtual size: 4.8MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 181KB - Virtual size: 2.4MB

.text
Size: - Virtual size: 1.5MB

.rdata
Size: - Virtual size: 163KB

.data
Size: - Virtual size: 41KB

.vmp0
Size: - Virtual size: 1.6MB

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 181KB - Virtual size: 2.4MB