e5413fb6432d3132ba21cbe2d4a025918603e69f0d4d0187cae4fdf338e982eb | Triage

Sharing

General

Target

e5413fb6432d3132ba21cbe2d4a025918603e69f0d4d0187cae4fdf338e982eb
Size

1.3MB
MD5

6072b4f1d688f1ddc47b999bd635736d
SHA1

e4ffdee07731c8343a223632202f0cbe5e14b15e
SHA256

e5413fb6432d3132ba21cbe2d4a025918603e69f0d4d0187cae4fdf338e982eb
SHA512

c91527d854a8d62b8e81f024a0d19fb4e123097cdb52ee50f9909fcfe828996a24e06653fbd094789507e7b5c20ce1981e12e5e9a4d28371f78fee208d6d3cd5
SSDEEP

24576:ELIeR5yZPStu9l2oJQgota+wZGaELSz1CIQdssu3XYJkMnWB+HxScsxg/BwwpBKc:E8eR5yZPStu9l2oJot3w0po1CksirCRf

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e5413fb6432d3132ba21cbe2d4a025918603e69f0d4d0187cae4fdf338e982eb

Files

e5413fb6432d3132ba21cbe2d4a025918603e69f0d4d0187cae4fdf338e982eb
.exe windows x86

d607a8c470a630883446a63fcff57640

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

DllFunctionCall

kernel32

SetUnhandledExceptionFilter
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 943KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ