2f285a7990f99258ab4294b0bb696319 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f285a7990f99258ab4294b0bb696319
Size

955KB
MD5

2f285a7990f99258ab4294b0bb696319
SHA1

c7fa0f0f0329eff777674be00d1815c317f8e868
SHA256

36ac4170a8070b82ccc6e9ce8239396b47bb83d6d7b437fac386d3adbb1c4dc4
SHA512

1d634c7411f602d6f71dbc9c14ff295fb9d71ae31c4257e3d8302c44efb283b5e0c6573427b0943547da896ded3daf4085d84cd861088323a79ba4d61b0fb02e
SSDEEP

12288:bfDwyZtwA/As4wTCyrPT0yq0VezaOvoJpaz/g/J/vVoS:bfDwy/wA/N7lry0VeH8az/g/J/No

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f285a7990f99258ab4294b0bb696319

Files

2f285a7990f99258ab4294b0bb696319
.exe windows:4 windows x86 arch:x86

b01e927720a50c2848c572aec1dcefcd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetModuleHandleA
GetProcAddress
VirtualProtect

msvcrt

rand

shell32

StrStrIA

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ