29e194c5dace79b11866f2af0518ae64

Sharing

Copy URL Twitter E-mail

General

Target

29e194c5dace79b11866f2af0518ae64
Size

540KB
MD5

29e194c5dace79b11866f2af0518ae64
SHA1

625bb62f1207c156a2225be8cedc9ad6c05b4271
SHA256

e462a1ead1899ffee82a2a9a76a5909c505919cc2cf8f5c2f29b8a8679d6c4dc
SHA512

38c1766a058356bbe23f133e476dc7096bb7e0005ae44cfc1c04a8f7097cb5d773a81c1b4e8f132ae982c77c364f5631c830bcdbfae0c5d096f3152a9b77df47
SSDEEP

12288:GxRsiWCbr9wb6sHScSNZwuMciQ4ky2IPoEdBM62hdWQA7eQCQG/UY1W:6ZHWHScSUc9X6wEHV2zWZ7JuUY1W

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29e194c5dace79b11866f2af0518ae64

Files

29e194c5dace79b11866f2af0518ae64
.dll windows:4 windows x86 arch:x86

cf2406fd884efec9f35187355e73ee1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

Exports

Exports

ComInit1
ComInit2
ComInit3
ComInit4
ComInit5
ComInit6
ComInit7

Sections

.text
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 520KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf2406fd884efec9f35187355e73ee1c

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 47KB

.rdata Size: - Virtual size: 12KB

.data Size: - Virtual size: 13KB

shared Size: 4KB - Virtual size: 4B

Shared Size: 4KB - Virtual size: 1KB

.vmp0 Size: - Virtual size: 6KB

.vmp1 Size: - Virtual size: 416KB

.tls Size: 4KB - Virtual size: 24B

.vmp2 Size: 520KB - Virtual size: 517KB

.reloc Size: 4KB - Virtual size: 248B

.text
Size: - Virtual size: 47KB

.rdata
Size: - Virtual size: 12KB

.data
Size: - Virtual size: 13KB

shared
Size: 4KB - Virtual size: 4B

Shared
Size: 4KB - Virtual size: 1KB

.vmp0
Size: - Virtual size: 6KB

.vmp1
Size: - Virtual size: 416KB

.tls
Size: 4KB - Virtual size: 24B

.vmp2
Size: 520KB - Virtual size: 517KB

.reloc
Size: 4KB - Virtual size: 248B