933eda16cafb3a2cbab05a53fa799560c5703482e7524c4f3e8f8daa11485315 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

933eda16cafb3a2cbab05a53fa799560c5703482e7524c4f3e8f8daa11485315
Size

756KB
MD5

341f6889b4bb47d9bf391cbe9b5fad93
SHA1

7b47fd3a1946a470309bbed6016e836dcc277ff3
SHA256

933eda16cafb3a2cbab05a53fa799560c5703482e7524c4f3e8f8daa11485315
SHA512

1f3245456ac3d65069ec8e375820fd97f356ee942ff87cdccba8ba9ab86489632c51786ec2b4eb6025972d8eb6067578c80ccba7c1a0052d6b95b86301c21064
SSDEEP

12288:VCgMP0l+P7iCYo7aNDvGny2sS9uNt4iuhJFMrDnwQyUS4FHwiLt7OVmHhj6/eqfs:3+P7iHLNSy2LuUrdMD+aHw8Hhj4w

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
933eda16cafb3a2cbab05a53fa799560c5703482e7524c4f3e8f8daa11485315

Files

933eda16cafb3a2cbab05a53fa799560c5703482e7524c4f3e8f8daa11485315
.exe windows x86

4ad9d356289a8c1f4cc2a2348c6e04c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 634KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 732KB - Virtual size: 730KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ