ef90abffd4a3bed1bf68b933518c7ee91ef7897c28cac2309f9fbd4e7896d5ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef90abffd4a3bed1bf68b933518c7ee91ef7897c28cac2309f9fbd4e7896d5ef
Size

108KB
MD5

6fcc51a788f43780e1e0832576aa5e59
SHA1

5346287a0dd9893b42edf4b4132a3f6aee3a9323
SHA256

ef90abffd4a3bed1bf68b933518c7ee91ef7897c28cac2309f9fbd4e7896d5ef
SHA512

2efaee2d1a1e95620205b6efbc97d78f5a9302932d4710fe66e5acf5c5fd48b4f1ebd33e17b134a3293c4e36031a41793be78f4042b3a18b59e639ff9552a75f
SSDEEP

1536:5gGIVa1R5wEdoxZPoNVNzLS6TPT+wYTesGf32qJH0HXDRzjXoGtoPdUFYctMSk16:5FEhoxzeoPT+SsofJ03dX34d6YctMS

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef90abffd4a3bed1bf68b933518c7ee91ef7897c28cac2309f9fbd4e7896d5ef

Files

ef90abffd4a3bed1bf68b933518c7ee91ef7897c28cac2309f9fbd4e7896d5ef
.exe windows:4 windows x86

fe9afbb78d36e4485ca2cedfcc699e3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582

kernel32

LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ