9d38ac60661d27bbc080bc6cc964bf8e[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9d38ac60661d27bbc080bc6cc964bf8e.exe
Size

1.6MB
MD5

9d38ac60661d27bbc080bc6cc964bf8e
SHA1

4fa56e08c5e61e1e9eafc06621bb25c0671b5122
SHA256

7ddef240da75c36d17a3eacf16873d767ab23a30d8369f10f1dbbe88573b0a2b
SHA512

6e370f9859f526b2e4349cd3d91d3fa06558cdbb72808e473b2c274ee6495ffa38b1b026a673011fcf80f555220d35a4ffca450fbeed77c478e296503f9dc3a7
SSDEEP

49152:HIx5Ub2o4iW0Wc9vFWLmDeHtzRf668XzRC8e9DQbT68PtYg:ocio410Wzmizg68hmsbx1Yg

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

9d38ac60661d27bbc080bc6cc964bf8e.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 925KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ