book_520861[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

book_520861.zip
Size

12.7MB
MD5

c4c5aec5a33cee0f2df626663d6291e5
SHA1

1f9063106df59ae8f70f73b9c819478a547d5739
SHA256

3352330e698a710753c44346dbfbf2a3c14faae1a5b151c7890627a2dce6a4cf
SHA512

d93c6e1265cf5a928eb7af1728bbeecd300841792acd8938ffb3f8018e0c44188e47ba36155184367341db9dc104ff278672f1daf463d726b47f4ad3800acd2d
SSDEEP

98304:zCRxYfO4AeFkNiVl8+mJ+t1UNm9rDkDOVHmQbJW6yu:2RSfOlNiVG+m6fBkScQ1W6yu

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
static1/unpack001/book_520861.scr	vmprotect

Files

book_520861.zip
.zip
book_520861.scr
.exe windows x86

63873d7e175c3e49441fc07498369eff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy

kernel32

GetCurrentProcessId
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

Sections

.text
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 126KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ