643e261f8c896685c085d86486b26427f52ce968ed0941f59e2fb75a769eb14e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

643e261f8c896685c085d86486b26427f52ce968ed0941f59e2fb75a769eb14e
Size

2.5MB
MD5

49ae651b69ab1e13878094d13519a1ff
SHA1

b5b7773ac19b19d4b677e054e61e15fe9d62d7c9
SHA256

643e261f8c896685c085d86486b26427f52ce968ed0941f59e2fb75a769eb14e
SHA512

2b84c76e0b3c887d5b664a91b77ad327b33d57182aad1c9dd85926b241b672300e258e917d68f1fd722e7be38edba1184b130ae97b871429d13497213e3e8e5c
SSDEEP

49152:KwUks02vIhvFeHwwNX00eP7G1B5OhasJiz/+L3vTmCjaF7Fzp9uaK:KjvIhiVt002WPxsJiz49aNFzp9M

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
643e261f8c896685c085d86486b26427f52ce968ed0941f59e2fb75a769eb14e

Files

643e261f8c896685c085d86486b26427f52ce968ed0941f59e2fb75a769eb14e
.exe windows:4 windows x86

31d5943cb8268db88794423d954ec0a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6055

msvcrt

fclose

kernel32

LockResource
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DrawEdge

shell32

ShellExecuteA

msvcp60

??1_Winit@std@@QAE@XZ

Sections

.text
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE