sample[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sample.exe
Size

6.7MB
MD5

67bef98193dd63f3c88d11fe2cf77141
SHA1

df2e49539c6a40b6ab50811869091bd92634a74e
SHA256

25af053762691cf165ce875a5e09b157ffe034dbfe3ca39c16f51769a2ff079f
SHA512

41d96fd3e315a9bd16afab6bfa2fe82c95ce462d73e24bb0320064db90e36357a630f84bb6268c7179106d0220afcdee97fdf19c3c560bd921f636803e43c6fb
SSDEEP

196608:6p3YymqSOoojuEWn/8nu0DTOcazFDbNxJTjW0MIG:6W6SOoGA/8nXfaZnNzjWTIG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

sample.exe
.exe windows x64

889336afd01a952ba79d1e90fb751739

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

strlen

kernel32

Sleep
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ