83fd23ee476175c0b0f0a46200598ee4 | Triage

Sharing

General

Target

83fd23ee476175c0b0f0a46200598ee4
Size

4.8MB
MD5

83fd23ee476175c0b0f0a46200598ee4
SHA1

988b0ca1261a7810b64df96540766f7f7c56022f
SHA256

3279ee666821ef28cf1776a074111119c97a07ad57a8816437eeac5ff937605e
SHA512

68c911f53b89973bff5b83b6cdc398370e549fb6c823bd7fedee2ae3156f5795270c1ae3a91990ba48bef74f872b8f103ae15a7bbb89f59e16f8b96d2fbe54b5
SSDEEP

98304:QOl58P5ctjoDng8WlyYtWgZDJQ5hE21F/5K2ZM+mUcr4pg+J1RLQ4vfa:QSMokk8qjWy9YhE2zommUcI7hLQ+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83fd23ee476175c0b0f0a46200598ee4

Files

83fd23ee476175c0b0f0a46200598ee4
.exe windows:5 windows x86 arch:x86

450084b8643602b5c5f3ffaedab58045

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA

kernel32

WriteConsoleA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

TranslateMessage

Sections

.text
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE