ed47c5e28d9e2a34b2ed6cc643148bea0e72c40cafd214c718c78ee4e2fa85cc_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ed47c5e28d9e2a34b2ed6cc643148bea0e72c40cafd214c718c78ee4e2fa85cc_JC.exe
Size

627KB
MD5

4c01c1cfc4cf2e3f2c40fcd0759ed944
SHA1

fc5791b3dd24f7abeaf74b148011e68ea3dd68f0
SHA256

ed47c5e28d9e2a34b2ed6cc643148bea0e72c40cafd214c718c78ee4e2fa85cc
SHA512

939493e95393d265db9bcded3bb073ec7422b1d70fa4cac7897fc0e070e619d73db283bc658ba994b13ac1e34b4b35db0374b30503019437a658a28c39641526
SSDEEP

12288:R4zaQ6X8gJwhWocWe0yQ7OqqLV7ndRCVQz4E5YkVRbZ4bOdBkkMfaA:R4zah8gJQWocWeLIQU657TkiA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed47c5e28d9e2a34b2ed6cc643148bea0e72c40cafd214c718c78ee4e2fa85cc_JC.exe

Files

ed47c5e28d9e2a34b2ed6cc643148bea0e72c40cafd214c718c78ee4e2fa85cc_JC.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 844KB - Virtual size: 841KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE