0178cf9fb1843547d235407c92ddb861 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0178cf9fb1843547d235407c92ddb861
Size

168KB
MD5

0178cf9fb1843547d235407c92ddb861
SHA1

4f3b95b8de2dd18415f5970855e5e20f153c4f97
SHA256

9c580d0f46c3689a518d7adc9e2457ac7b2e3a6326aeee0a6ec7895acbd76f02
SHA512

3c5bd8a535ceec2d4724756f95a7e6aacdbd6f66fc3fcf502ace31a47879c000284eb417312fec7ef9c4d436ec3a24683c491aa1c789a5bca72c562dbb94474b
SSDEEP

3072:KcURVzuchUmUKgpg+cV7FgykSk7qMu1cEo4Ominv/H4zUJRGxSD1g11C:Krudm9gC7qy5KqB1ceinHPNC1C

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0178cf9fb1843547d235407c92ddb861

Files

0178cf9fb1843547d235407c92ddb861
.dll windows:4 windows x86 arch:x86

4c3de1d56e0da543f80ba94ac4057dd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

wsprintfA

advapi32

OpenServiceA

msvcrt

_strcmpi

Sections

.text
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ