d3eb8ce3b0edc1462c57986cb1756921[.]bin | Triage

Sharing

General

Target

d3eb8ce3b0edc1462c57986cb1756921.bin
Size

233KB
MD5

84f666f422cb4573b7305e6bcde1c6d6
SHA1

890830a5cb7708f360671fbae41286f264bcbc8e
SHA256

dfa3da7f181973882b701477de54abc027d699a3372be5cd564dd99022de785f
SHA512

315c2930ff0d2b86ff9818de9c1e1b4fc59e00c7c2da5512490a5dbb1d18cf949ab459ebf40661c1c7d754fb4a154d7badac74d6d3477274eff1bdd7f77722f2
SSDEEP

6144:BA/9Z5KFkwDeghr4iRNOHZsvV/QafIOvx:Bo9rWH4U1pQMHJ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
static1/unpack001/712c87a3fe55b170358252e7e5db424a5c683e66130bec2a86af16006b58cafe.exe	vmprotect

Files

d3eb8ce3b0edc1462c57986cb1756921.bin
.zip

Password: infected
712c87a3fe55b170358252e7e5db424a5c683e66130bec2a86af16006b58cafe.exe
.exe windows x64

Password: infected

7fbb89c5ace3a586a0c16f198ccfd95a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TlsGetValue
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostMessageA

Sections

.text
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ