3a2cd129c093e38096011ef6492d696c

Sharing

Copy URL Twitter E-mail

General

Target

3a2cd129c093e38096011ef6492d696c
Size

18KB
MD5

3a2cd129c093e38096011ef6492d696c
SHA1

b4a44e4c08b9b25c0e37c56b65e2b24e25837247
SHA256

52a4563c62a4215286ea79827b9dc09b1d4a4a84f088b9accd7428701fb5e401
SHA512

fbf51cf126d8e9a27394f1b0cadb1a13f5059705c873dc5f4caa17320e70a9d401afc05d3602f96ed8f07114b26a4d0cb5ef2dbd54d8cd56d9e713506ce6fd4e
SSDEEP

192:mqfUCuN2urEey9bHEdsbSD5gcnMIMXRoZVr0EmkbBWdcgtuWDU6cR8HQjDfaknH:mqcRN2GEUdYSD5LM2/r0Emk5GI8wx

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a2cd129c093e38096011ef6492d696c

Files

3a2cd129c093e38096011ef6492d696c
.sys windows:5 windows x86 arch:x86

59b3e5b03c3a7b39318df7e72d5e2574

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObReferenceObjectByHandle
ObfDereferenceObject
ExFreePoolWithTag
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ObQueryNameString
ExAllocatePoolWithTag
RtlFreeUnicodeString
wcscpy
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwClose
ZwSetValueKey
RtlInitUnicodeString
ZwOpenKey
wcslen
swprintf
strchr
wcscat
wcsncmp
ZwEnumerateKey
sprintf
_strupr
wcscmp
RtlCompareMemory
RtlUpperString
PsGetCurrentProcessId
ZwQueryDirectoryFile
ZwQueryValueKey
ZwEnumerateValueKey
ZwDeviceIoControlFile
ZwQuerySystemInformation
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
_wcsupr

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 594B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59b3e5b03c3a7b39318df7e72d5e2574

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 1024B - Virtual size: 952B

.rsrc Size: 128B - Virtual size: 16B

.reloc Size: 640B - Virtual size: 594B

.vmp0 Size: 3KB - Virtual size: 3KB

.vmp1 Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 1024B - Virtual size: 952B

.rsrc
Size: 128B - Virtual size: 16B

.reloc
Size: 640B - Virtual size: 594B

.vmp0
Size: 3KB - Virtual size: 3KB

.vmp1
Size: 1KB - Virtual size: 1KB