PBZepetto (Mr[.]Cheats)[.]exe | Triage

Sharing

General

Target

PBZepetto (Mr.Cheats).exe
Size

1.3MB
MD5

a67a5f84b972e79d0c96d382fc524335
SHA1

699ccc29e21eeef72d24fa387ef2c00d96e4e797
SHA256

04f9e83c426f836a125f583718bba1faf971d198a6c422368a6ecf4f9a05d744
SHA512

80912e673ba93797d6c18b241b262e9fa3997a443df5928040f32a50030a3d33e8e939a38c0514bcbe053c79efd3f4c5bcd7909c32a384e4417b5a591c6f67f2
SSDEEP

24576:qKFLRrjLpztUzcZjvOJFLiNqmAGuz1cGjg5s7OEjH23j1xYBFu:qK/jpztUcSL4qmAGuzWwFJjwk

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PBZepetto (Mr.Cheats).exe

Files

PBZepetto (Mr.Cheats).exe
.exe windows:5 windows x86 arch:x86

61137bc655e9b8404f49acb4ade96fe0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_adj_fdivr_m32

kernel32

GetEnvironmentStringsW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 972KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ