b970c327c2e8914749e73713d4dd743ae3907f0a66bd5c34806c6e5f23cf9aa3 | Triage

Sharing

General

Target

b970c327c2e8914749e73713d4dd743ae3907f0a66bd5c34806c6e5f23cf9aa3
Size

3.8MB
MD5

f43ab10a6a9570e4bdc2fd04aa3aa7c3
SHA1

487c24712a3e6774dbcadebc952d3c53471b84bb
SHA256

b970c327c2e8914749e73713d4dd743ae3907f0a66bd5c34806c6e5f23cf9aa3
SHA512

762704abf2453968779d51f18fd25c28f2b016bfcf9f7ae6d678f9b96706b019214099f5f9dc2497bd5686bbb2e16e4d435137508980cd48a58da8322ec72529
SSDEEP

98304:iYPGZ6Gqx5CyuqoEsgy6SDVpqyEAYOV+pyIXlmgCE660v2Pu0n:iKGqx5Cxq+gNSDzqFacpPM7Jk

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b970c327c2e8914749e73713d4dd743ae3907f0a66bd5c34806c6e5f23cf9aa3

Files

b970c327c2e8914749e73713d4dd743ae3907f0a66bd5c34806c6e5f23cf9aa3
.exe windows x86

9bf5e17e8dfb1f9f2b1de532bded4f36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
FindResourceExW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE