3c0894b971f11dd7faf0299fd98366fb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c0894b971f11dd7faf0299fd98366fb
Size

1.1MB
MD5

3c0894b971f11dd7faf0299fd98366fb
SHA1

2a2625c056a84fb48da9c2c63ed13372755adb60
SHA256

399b7f6f5bd8c4eefcd0fbb89176cedba17c7f7786c91df56522864bd4db8783
SHA512

562e69a82df3e9279051289209b0b6e4d2b5d6b27018dfbcbc70184ef01d8dae075c35ad387a281d3de37b09e9bf2252d79b02f95cd171a162feec2052b9d688
SSDEEP

24576:cjf7aGrrPbAAzNdh0OQJ95lYIkiEVnAFOKc/jwydD4o6mhdRuvl:cjTvbzH/QJ95lYIxEVnkOKKXSo7hd

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c0894b971f11dd7faf0299fd98366fb

Files

3c0894b971f11dd7faf0299fd98366fb
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ