a315c841c1bc1a2fd0fe86e59f7e16254839430a15474b31ffb8438abe7b2ff4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a315c841c1bc1a2fd0fe86e59f7e16254839430a15474b31ffb8438abe7b2ff4
Size

484KB
MD5

d8143488fd951bc37e27daa485801037
SHA1

e3f422751d0dfd43c74d164a106616f9a9d7d655
SHA256

a315c841c1bc1a2fd0fe86e59f7e16254839430a15474b31ffb8438abe7b2ff4
SHA512

7944b7ee50a0fa1e3284651b0afa2de0397e28e40c41760beece7288f54287261e3b1e4d2a1de12050549eafd7173e74c66388fc60bcefa83214c4d7b983f142
SSDEEP

6144:R6rrrr84vRLWMYbo1BoPwcjbjgQE+ujjk9rNLaDNeDhF3LI9w03mREXTu2:WrfJcjbjgQE+ujjkHLaeDfLQWUv

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a315c841c1bc1a2fd0fe86e59f7e16254839430a15474b31ffb8438abe7b2ff4

Files

a315c841c1bc1a2fd0fe86e59f7e16254839430a15474b31ffb8438abe7b2ff4
.exe windows:4 windows x86

64eac9fff19ac89567030c2227b58428

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

PeekMessageA
MessageBoxA

shell32

CommandLineToArgvW

iphlpapi

GetIpForwardTable

advapi32

AdjustTokenPrivileges

ws2_32

WSAStartup

Sections

.text
Size: - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ