d9f59fb89ea6f38d18992a416463cb1150b12f21b04739fde93a1fd6c2c5dcc1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d9f59fb89ea6f38d18992a416463cb1150b12f21b04739fde93a1fd6c2c5dcc1
Size

5.8MB
MD5

81ddd1c8864624094df5b8dfecec104f
SHA1

15bd334c602239ada4685843180d92223890f536
SHA256

d9f59fb89ea6f38d18992a416463cb1150b12f21b04739fde93a1fd6c2c5dcc1
SHA512

d56dad283cf589e61dfad03c1fb60b1d9c8e7f4ee4efe66975833590ffb8f83a3f7ed20f329a2fca1ef77d0273969a562024845802b029671db15bc3ec3a6bdb
SSDEEP

98304:7w2dZLJ02lRHiZZ+BIW65DrY6UC2zRymG1lk8JXFWB/M867upKnRZV4FC7Nk7Etc:7FjbHiZZFL5DrfamFWMBupN7KxAnOjC9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9f59fb89ea6f38d18992a416463cb1150b12f21b04739fde93a1fd6c2c5dcc1

Files

d9f59fb89ea6f38d18992a416463cb1150b12f21b04739fde93a1fd6c2c5dcc1
.exe windows:5 windows x86 arch:x86

9f35cc034966c27b4c592aae396abb7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ws2_32

recv

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ