4f9bde98c758abe4476b372163700ad984d7126116f0474ef81ace94a9a40b98 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f9bde98c758abe4476b372163700ad984d7126116f0474ef81ace94a9a40b98
Size

108KB
MD5

4ab099762ea0067ecf8be6d3a8c821fd
SHA1

2af0943883f4a3a3adb9ae83613fc0faf4999788
SHA256

4f9bde98c758abe4476b372163700ad984d7126116f0474ef81ace94a9a40b98
SHA512

2bbce0f2afa34abb9e63507619af0482a10c1f1641ab5e6a940973bde3780eaee2efcd2323f2036deda9f4e6b802e5f505dd83a472d229ab98f9185e352ceb71
SSDEEP

3072:wu4Ha1X0AE6e7wv472jY4iFYT5ErDmQnA2:IUFgU47oY4EYsDVA2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f9bde98c758abe4476b372163700ad984d7126116f0474ef81ace94a9a40b98

Files

4f9bde98c758abe4476b372163700ad984d7126116f0474ef81ace94a9a40b98
.exe windows x86

fe9afbb78d36e4485ca2cedfcc699e3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582

kernel32

LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ