15d18d8bb2288afb5db8da96b5c7239a[.]exe | Triage

Sharing

General

Target

15d18d8bb2288afb5db8da96b5c7239a.exe
Size

1.2MB
MD5

15d18d8bb2288afb5db8da96b5c7239a
SHA1

679795fde037d3846882169a2365317e86f445a8
SHA256

052b9b9cf574b73e2806d4df775813de606f5773af477dfed3cbf736656b1050
SHA512

bd3199bf8d4b4bc8f65094720a96f3fc5bbbcddcf8250a01e0cab6dc567710c69d7aa066136a4455c3e67ace8926faf08b1673c4bdb8cdb02ecd038084e32ca0
SSDEEP

24576:I1eEjVWIh7ZjIHwZwXBsns9ng7/oD+7kI:I19jVWIhpr2ysxg7/oJI

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

15d18d8bb2288afb5db8da96b5c7239a.exe
.exe windows x86

4de6f77def86f68ea6fcd69718b02d01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GetModuleHandleA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 712KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ