d62edf919a26a936e142b18a1a1b9474 | Triage

Sharing

General

Target

d62edf919a26a936e142b18a1a1b9474
Size

3.9MB
MD5

d62edf919a26a936e142b18a1a1b9474
SHA1

375dc8ca18af2ccdefae012b3cca79f122a625e9
SHA256

368ef81f1e2fb7b031f05151a66bdcc17aa4953ad9ed706dcb203ebb2f3735db
SHA512

ece23038984e7e138c3a7924c38e1f73db2ff2018acc8378a88452ec7c511b9613eadd265af28c9aa18b0fdf712e592c7eb1603c1bf7745e158b9357957e92e6
SSDEEP

98304:9iEFSokDB4zhAnVL3urhAZOewzkTvQGbGGZNNwySSV4J:xMoU0A9qhAczkT7bd7NwySQ4J

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

d62edf919a26a936e142b18a1a1b9474
.exe windows x86

7b941c7d8bd6a1e26cd3508e8ecc4cbc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
FreeEnvironmentStringsA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetProcessWindowStation

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE