437a344a4a2dcba1efb01b1d72381d06 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

437a344a4a2dcba1efb01b1d72381d06
Size

17KB
MD5

437a344a4a2dcba1efb01b1d72381d06
SHA1

569366df672e40b3b6a9d86031379e85a146eaf8
SHA256

fb713189f14dedd6dac4fef331462bb66e5a7ed07910083a9055eb2264cef066
SHA512

d8f808d43ceb535cd22b125dafb30ec28c2276d8a549c62bfcf12e47ba31fcde670c98ad7bb1b3f33a1424d35aa592a80978a7adae52077d250017ce6a897dd0
SSDEEP

384:bP9VU9DhWx5O8nSFJd/qWxyqqJtDF2yN3NA:paTWxZSXqWxTEb9A

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
437a344a4a2dcba1efb01b1d72381d06

Files

437a344a4a2dcba1efb01b1d72381d06
.exe windows:4 windows x86 arch:x86

d944f2974eee4a1459cf73a35e50e409

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

mfc42

ord823

msvcrt

rand

user32

wsprintfA

comdlg32

GetFileTitleA

advapi32

RegCloseKey

ws2_32

sendto

urlmon

URLDownloadToFileA

Sections

.text
Size: 7KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

29FVZIJ0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ