1a69935073fb2ff90d74e75428854bf8 | Triage

Sharing

General

Target

1a69935073fb2ff90d74e75428854bf8
Size

1.9MB
MD5

1a69935073fb2ff90d74e75428854bf8
SHA1

41abbb5100a64a9637cd5af6b678902baf731013
SHA256

3422b33a307f80a5dad2882982e061d1ed496f7a1b5c6541fdde8cbab133af7a
SHA512

cdf36b6ce52de3447154d64d3c3d180b8a540f51d2c60cac1bd04b440e51c1050cbb16a15935ffc5c1c2b93b0a4c3d26c0278c612f6171835b09bc650342538b
SSDEEP

49152:3eSgHKhG7DuyiTDi+EjIJo54clgLH+tkWJ0:upq47DfsibIFcKHgkWJ0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

1a69935073fb2ff90d74e75428854bf8

Files

1a69935073fb2ff90d74e75428854bf8
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ