a060f453f403879e1b7d3f9c4e9d88c3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a060f453f403879e1b7d3f9c4e9d88c3
Size

4.7MB
MD5

a060f453f403879e1b7d3f9c4e9d88c3
SHA1

6cdd74d7e15aebb99d8db02ce222b15bdcddfdc4
SHA256

a5a7ecabba1472af3a920f7cf5e6bee97f46aae78e29568547675319c5c32b6e
SHA512

8b76e5f47914e89323b3c5eeececbf73ad798818f417029f857839639bad0804f00aa9ee75419d6bc0f949bcec05c21a0604e70dec0cbdd2c758ec67d6920e2e
SSDEEP

98304:Q771ku5skc8ltxm0vlVO/HYN/LmODOLUlX+9JwwpXoQLxNn48:Q76xZGKH+0LUBwx

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a060f453f403879e1b7d3f9c4e9d88c3

Files

a060f453f403879e1b7d3f9c4e9d88c3
.exe windows:5 windows x86 arch:x86

de86829371bc01d716b264fd217d97bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup

kernel32

GetLastError
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcrt

_controlfp

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ