c10115c1ea826deb0ada71ba2241d5b76f667aec296edfe1573f7af5d31a2d23 | Triage

Sharing

General

Target

c10115c1ea826deb0ada71ba2241d5b76f667aec296edfe1573f7af5d31a2d23
Size

824KB
MD5

b04c3df777d81c4a0925596a96d0bce0
SHA1

20be03c74cc486643110312b10510f3730e8ee92
SHA256

c10115c1ea826deb0ada71ba2241d5b76f667aec296edfe1573f7af5d31a2d23
SHA512

09fa9fc65bf9c9be7a52967a52b31f0836b21257cebc27f1cec85e92cbe9e841a289742c66fe651899259f2a29e275501387f822e334bb6aa9d1d5f6d8dc4e2b
SSDEEP

24576:GzLds6HJMhNO8czvKpocgo9KBTrUmcikg:GNvJWczvKpDZI8FBg

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c10115c1ea826deb0ada71ba2241d5b76f667aec296edfe1573f7af5d31a2d23

Files

c10115c1ea826deb0ada71ba2241d5b76f667aec296edfe1573f7af5d31a2d23
.exe windows:4 windows x86

696fb7921c51b8934bef291dfd092044

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord526

kernel32

GetModuleHandleA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfW

Sections

.text
Size: - Virtual size: 913KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 804KB - Virtual size: 800KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ