9dd1ab95bffdf6a008b5f5a034699d6871a5ccc7a1cc0af1cf5ad80042df19f8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9dd1ab95bffdf6a008b5f5a034699d6871a5ccc7a1cc0af1cf5ad80042df19f8
Size

397KB
MD5

a8863bdb5d060f571462dd89ddd9e85b
SHA1

98c85fbdf33a6ae50bfdd7dd6c3cc546f25f42e6
SHA256

9dd1ab95bffdf6a008b5f5a034699d6871a5ccc7a1cc0af1cf5ad80042df19f8
SHA512

94a76975d9634405e0bd93c52ff7b10221c390a454762f17f31969cc7930e5cdd526b6f624a44d85d0af7aff7ab89b476ae5685d469c21134a46555be02bf89c
SSDEEP

6144:6sofPiELi2TbGmlw7qzNkFReg/H+cwaY/5E5djFEOh4aK7S2Zjz+z+QbMtwMGWTM:6sotKmlw7qpwRt/H+L/5Op4aqSWjwhv

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9dd1ab95bffdf6a008b5f5a034699d6871a5ccc7a1cc0af1cf5ad80042df19f8

Files

9dd1ab95bffdf6a008b5f5a034699d6871a5ccc7a1cc0af1cf5ad80042df19f8
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 172KB - Virtual size: 52.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Fixed
Size: 58KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Silvana
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE