d7ca949053e70d2afd45a79ca7647fe2d595299e9a364743c49041f47a43545c | Triage

Sharing

General

Target

d7ca949053e70d2afd45a79ca7647fe2d595299e9a364743c49041f47a43545c
Size

3.8MB
MD5

5ee95aebf16e775840bad474169b310e
SHA1

ca75074690395e0d161941facdcd87baa78abe64
SHA256

d7ca949053e70d2afd45a79ca7647fe2d595299e9a364743c49041f47a43545c
SHA512

bf7a894380032980b6d09cd2f4882a142266c2abc59d3c7129abb491832a1a90e58eea5317e360bcb1809a3c28898e91d0215891105d17ac786c5b55515d6a54
SSDEEP

98304:/Hgr6ZAswwQkre75nMvjE+algCFxP1xjW1iPPT4M/H+ZoLaVDprZYruDhpMXAr:PIZwQG0NMLEL/xBWqT/RLaLrSiNpMXA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7ca949053e70d2afd45a79ca7647fe2d595299e9a364743c49041f47a43545c

Files

d7ca949053e70d2afd45a79ca7647fe2d595299e9a364743c49041f47a43545c
.exe windows x86

1f32788688d13577260c655bbaea02b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE