1ca441916a5c74e2ecea223a0e4405a5 | Triage

Sharing

General

Target

1ca441916a5c74e2ecea223a0e4405a5
Size

127KB
MD5

1ca441916a5c74e2ecea223a0e4405a5
SHA1

7f9b575eb8f6d55caf8c04d50f882cb296a4aaa3
SHA256

6cc971ab6320abc06ceab4fc7cf052988a89a67f36fa1a4ac6363ce4a5b476bc
SHA512

9f6cfb424d4945a7eb72d0c21de005185154e0a99cfce44a0480bf9454af6cdb1740f2b1b14beb44464aa01c4920b5c40c92436bb5d5a5e52b1f39fed5665201
SSDEEP

3072:4mShmT40qVgwcl4wfmwnBa2AH1lBQFqSh6UX0vJa:6sT40qCb5ewBa2U1bsThvXka

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ca441916a5c74e2ecea223a0e4405a5

Files

1ca441916a5c74e2ecea223a0e4405a5
.exe windows:4 windows x86 arch:x86

13610ed0300ad691beaa2e1045905372

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFileTimeToFileTime
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

wsprintfA
MessageBoxA

advapi32

OpenSCManagerA

shlwapi

StrStrIA

msvcrt

_controlfp

Sections

.text
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ