821ceb09d871b4e0e293a5b0281b6de9fa1fee840b1c3ba1f0ba6949a8cb6624 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

821ceb09d871b4e0e293a5b0281b6de9fa1fee840b1c3ba1f0ba6949a8cb6624
Size

108KB
MD5

444b0022e2edb0bb77e8db2d05d46eae
SHA1

e5c4d4d49db08e0189a4ad652cb5229bb029f107
SHA256

821ceb09d871b4e0e293a5b0281b6de9fa1fee840b1c3ba1f0ba6949a8cb6624
SHA512

744062bdcf7527dd90d8b7495244f7526220a5ac3764aed525c743457468a0b26b68a0af3c1e2fd352073a6d061a3cdf473044fa6873bf048895c1142bbb355b
SSDEEP

3072:NiY73JnZzSUZUk0cyoZjgQslSFcRZZywY5adrmirp7C5:Y+nxSOUkiotfslGcH41mQ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
821ceb09d871b4e0e293a5b0281b6de9fa1fee840b1c3ba1f0ba6949a8cb6624

Files

821ceb09d871b4e0e293a5b0281b6de9fa1fee840b1c3ba1f0ba6949a8cb6624
.exe windows x86

fe9afbb78d36e4485ca2cedfcc699e3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582

kernel32

LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ