75632a1924fbf4e1428c8fad43bbe08d54d9008abc861852ecc4b8bc5f80b679

Sharing

Copy URL Twitter E-mail

General

Target

75632a1924fbf4e1428c8fad43bbe08d54d9008abc861852ecc4b8bc5f80b679
Size

3.0MB
MD5

e38757410482f6cf1cc0d604f6f9aab4
SHA1

140e3438a9a0e8573420c0b457de6dddc980df6a
SHA256

75632a1924fbf4e1428c8fad43bbe08d54d9008abc861852ecc4b8bc5f80b679
SHA512

404018176e06848f63c25b1fc49ec0d62e9a98ffadb15c6bf598bb811a8fca30cfe5512bd6d50f5f552445dcbcbdafaa348b9b93e569c6dbdf24f5d279b41e7d
SSDEEP

49152:Mvy9V/xLw5wZRQe/68DNer3bJi6IeeMwA6pUNxOG06se/fXiNImyyz6Ag/qLN:MmNf/68DNer3bs6Ie7wvFtIPRA7LN

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75632a1924fbf4e1428c8fad43bbe08d54d9008abc861852ecc4b8bc5f80b679

Files

75632a1924fbf4e1428c8fad43bbe08d54d9008abc861852ecc4b8bc5f80b679
.sys windows:10 windows x64 arch:x64

850ed9e2dcc84c906f4efaeefdab2481

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeInitializeEvent
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: - Virtual size: 336B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

850ed9e2dcc84c906f4efaeefdab2481

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 116KB

.rdata Size: - Virtual size: 7KB

.data Size: - Virtual size: 11KB

.pdata Size: - Virtual size: 3KB

PAGE Size: - Virtual size: 336B

INIT Size: - Virtual size: 6KB

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 512B - Virtual size: 8B

.vmp2 Size: 3.0MB - Virtual size: 3.0MB

.reloc Size: 512B - Virtual size: 188B

.text
Size: - Virtual size: 116KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 11KB

.pdata
Size: - Virtual size: 3KB

PAGE
Size: - Virtual size: 336B

INIT
Size: - Virtual size: 6KB

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 512B - Virtual size: 8B

.vmp2
Size: 3.0MB - Virtual size: 3.0MB

.reloc
Size: 512B - Virtual size: 188B