6978a1de9f1c6d234ddcbf739cf7f667a858e0c86c40c09eff9a01b7dc93e472 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6978a1de9f1c6d234ddcbf739cf7f667a858e0c86c40c09eff9a01b7dc93e472
Size

10.0MB
MD5

427dd997fb8a298dc32d2c26b2c0a157
SHA1

37153de7424b4f2e4a67c73e060f06dbc12a878d
SHA256

6978a1de9f1c6d234ddcbf739cf7f667a858e0c86c40c09eff9a01b7dc93e472
SHA512

6d56f4908a982261ac6e0536ee98f451b543e59578175ef09347e62f7fd54f6fa474bdeae252c0690d5124f175178961490fdc7cfdeb80c1169bd9725fdca57f
SSDEEP

196608:C9DSuiHGjbWtOsc/fFNZXs7bmwzqajUD/stjr:+DN/WtOsaFNdq6wzb

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6978a1de9f1c6d234ddcbf739cf7f667a858e0c86c40c09eff9a01b7dc93e472

Files

6978a1de9f1c6d234ddcbf739cf7f667a858e0c86c40c09eff9a01b7dc93e472
.exe windows:5 windows x86

5fd8a4ad9b2357c3fae9e1483cf6ecaa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord579

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

kernel32

GetModuleFileNameW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfW

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ