05b63b69e8737309c960dccd9049b2c5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05b63b69e8737309c960dccd9049b2c5
Size

186KB
MD5

05b63b69e8737309c960dccd9049b2c5
SHA1

b6e21466b3811a322420a2a82d52bd67759af6e7
SHA256

9871f1b1b6de20e959a7f17bd2490eb5f92856d78dd67790c27ca0112ab60c5a
SHA512

11879ce5c0ecb8fef643b19a12f69f939956ffd1c78cc26a5d09cfc436d9c604f215aaf90ebad3f21b594a59a458af5f29f5197c36d536d8ac02710abefa62ef
SSDEEP

3072:AiDiwUvERC6WkBtTK/QOITCPXdWo0E71MRphlhIIH+Mhco6k6a:TbU806WkBtW4duPXJep3TH+MZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05b63b69e8737309c960dccd9049b2c5

Files

05b63b69e8737309c960dccd9049b2c5
.sys windows:5 windows x86 arch:x86

2815a26316831738d3675416954567f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 722B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ