16c780fbb09cd5abcb5c57828b73231d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16c780fbb09cd5abcb5c57828b73231d
Size

151KB
MD5

16c780fbb09cd5abcb5c57828b73231d
SHA1

bf7e90495efe15c6f56d32bc9dd795e53feaa4ef
SHA256

840961ef4f319562ec92438382c6624821f788b4f4c4f7d32cd4607b2a1c658c
SHA512

46d1d7e4c742e0bdaa74ace5a193e8bde00ce11e4154196c8b2cd79a2d2376ff7a086b5c6e33b80c29bda5770a603ebec200c81676d01df8020e928ec90614f5
SSDEEP

3072:ynLM2M199F5TaGmrZ35Y4g3/r7f2GN/8S203fe7L6R1fgMMT2SIHJH:yLPU0rZS1/f2GNS03f3R1pM

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16c780fbb09cd5abcb5c57828b73231d

Files

16c780fbb09cd5abcb5c57828b73231d
.dll windows:4 windows x86 arch:x86

acd9fa3a74cc4c1d92998e6ad62eeb8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
FreeLibrary
LoadLibraryA

user32

wsprintfA
MessageBoxA

Exports

Exports

ServiceMain
ServiceMainManual

Sections

.data
Size: - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 308B - Virtual size: 300B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ