36c9a146611db8af6226b3b7215d06f49e5acdaffde1f7baa4511c264fa66c9d | Triage

Sharing

General

Target

36c9a146611db8af6226b3b7215d06f49e5acdaffde1f7baa4511c264fa66c9d
Size

5.3MB
MD5

fc12f270ab4683a6160a5241795a6511
SHA1

4204445e234df08d0ee2a4b1909af2f315d97cfd
SHA256

36c9a146611db8af6226b3b7215d06f49e5acdaffde1f7baa4511c264fa66c9d
SHA512

f74c5690e21fa210c145240fd6600100eacbc2c9382020e8fbc0c2e7a346b3312f22765f19cb465e19aa00d7d7eaaf3aa70d7c2685df18995c80a6a6ed912aa0
SSDEEP

98304:luXZTQyxSuGpSjtdQPTWXEBjSGi22Mio4WcrcTrUtj7ktARA7:lCZsyXxpdQaU9RH2M77rgtj0D7

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36c9a146611db8af6226b3b7215d06f49e5acdaffde1f7baa4511c264fa66c9d

Files

36c9a146611db8af6226b3b7215d06f49e5acdaffde1f7baa4511c264fa66c9d
.exe windows:5 windows x86 arch:x86

9f35cc034966c27b4c592aae396abb7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ws2_32

recv

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ