a2fd4f05bdb2efcc1756d3eec9bcf9f48d5d4346af29b9be80584144a9d1c546 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a2fd4f05bdb2efcc1756d3eec9bcf9f48d5d4346af29b9be80584144a9d1c546
Size

948KB
MD5

a4a793a373a001e983c495219db8a41d
SHA1

ad36979778c48eaaed7a5353248504f15bc86b26
SHA256

a2fd4f05bdb2efcc1756d3eec9bcf9f48d5d4346af29b9be80584144a9d1c546
SHA512

5ebedf859f599248043c3777935e4624160d9b2e3479fc33d85961c09c64cc98401fd139b15424318e306953ad44bf7b8e69cdf86407b192436bda407a7af15e
SSDEEP

24576:517kqVbWfn1m8DrSIGMXANbsPNMzCCp6yFTKavKfWnjX25NLG:P4qVbI1m8ZXqQPP862TKavKuby

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2fd4f05bdb2efcc1756d3eec9bcf9f48d5d4346af29b9be80584144a9d1c546

Files

a2fd4f05bdb2efcc1756d3eec9bcf9f48d5d4346af29b9be80584144a9d1c546
.exe windows x86

64cbcf627dfdb6aedc68084353fdbfca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrFixstr

kernel32

GetLocaleInfoA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 928KB - Virtual size: 925KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ