78c751914b6640fde9e384b118484c277ec10708a8eb62bcb42f3a3f67f7ed16 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

78c751914b6640fde9e384b118484c277ec10708a8eb62bcb42f3a3f67f7ed16
Size

3.3MB
MD5

5c3b4a716e81ac53bbad88adbbbedd12
SHA1

08ba3d76574befc062fef808ae77819b9b115471
SHA256

78c751914b6640fde9e384b118484c277ec10708a8eb62bcb42f3a3f67f7ed16
SHA512

db61ddd96c1d13df856e1c4734e23913c6fd10695c97cbbea039bae6b8473df5c7bee1da30415399c0aabe1e20495fb3ec36538cad84f32e0d99de6aea59141c
SSDEEP

98304:ax+/tPINewdvc/7NK8PX2aXi9LOfOEGHM4:ax+/tPINeQvCM8PkQfr4

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78c751914b6640fde9e384b118484c277ec10708a8eb62bcb42f3a3f67f7ed16

Files

78c751914b6640fde9e384b118484c277ec10708a8eb62bcb42f3a3f67f7ed16
.exe windows:5 windows x86

020bc42814a7c9df0f1f56b87c27c18d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ws2_32

recv

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ