775242a63caf2a32e8d897a6ea52bcf1ca689cec65e5d480f2f9be1369256f2b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

775242a63caf2a32e8d897a6ea52bcf1ca689cec65e5d480f2f9be1369256f2b
Size

728KB
MD5

4b086c51f6c4457181fb651bb683a066
SHA1

a84815eb015c2fbf4b995542ef3b5016342bcd04
SHA256

775242a63caf2a32e8d897a6ea52bcf1ca689cec65e5d480f2f9be1369256f2b
SHA512

2248da63d9d5b0aa5bc81ba99fb8e88244e452d5e4e5248d7589ba093e1b25d02bb37eb366a1924512c25dcc409b2048c51a59405131c2d0bc84e5f92131a74e
SSDEEP

12288:o6VgIhj/NW4qC4lEIoMrppnK7k+UlPByJSLsPhYzepJ55Oi5PflIXk:o6m0j/NMn7rppSk+UlPByggPhYaJ55R8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
775242a63caf2a32e8d897a6ea52bcf1ca689cec65e5d480f2f9be1369256f2b

Files

775242a63caf2a32e8d897a6ea52bcf1ca689cec65e5d480f2f9be1369256f2b
.exe windows x86

3d5103e99b669ad75ff413133a5d0640

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernelengine

??0CTraceServiceControl@@QAE@XZ

servicecore

?SetIniFilePath@CWHIniData@@QAEXPB_W@Z

mfc71u

ord1591

msvcr71

_c_exit

kernel32

GetVersionExA
GetACP
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

comctl32

ord17

shlwapi

StrCmpW

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 696KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ