eda5a41d74d78825c2e0ec3c47a58e2a8816d842f85aff19d26eb113c36c448d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eda5a41d74d78825c2e0ec3c47a58e2a8816d842f85aff19d26eb113c36c448d
Size

5.4MB
MD5

27c5c5fb63f58a8aa37c39d991f93f0c
SHA1

b6f36cd9487897814f2738a209810b364f388b44
SHA256

eda5a41d74d78825c2e0ec3c47a58e2a8816d842f85aff19d26eb113c36c448d
SHA512

42c5921ae8669020ecc421d1eabb0c13d09ad30ebda5707c68620b57a3a9b950a13af63a58d2ef557b53f40e161ddeb3c394783f50747d16b181497ae4fb2c7c
SSDEEP

98304:2Ud1MYG6Ozvmtg84wcEmLWjZq9MMWvXOgQRMSDIVb9A/n4Op+/Yu:2g1Re81zmABpvQR16b9AW/Y

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eda5a41d74d78825c2e0ec3c47a58e2a8816d842f85aff19d26eb113c36c448d

Files

eda5a41d74d78825c2e0ec3c47a58e2a8816d842f85aff19d26eb113c36c448d
.exe windows:5 windows x86 arch:x86

9f35cc034966c27b4c592aae396abb7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ws2_32

recv

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ