483c7b6e43cfa6705761f65e7536ea57 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

483c7b6e43cfa6705761f65e7536ea57
Size

371KB
MD5

483c7b6e43cfa6705761f65e7536ea57
SHA1

a2a15b649da80019caecdfb491fa870aa06a254b
SHA256

c6db7a3e7d90cb2e2b90e362544ca080500e0ee7ec52871680ba28cb7b9c350e
SHA512

efe64a906fbfab8eca15f33f7716819444d09975e293d9c36e520e4a3066be09605ff106eba9a434eaeb4ea1dea6cac53803c16a4a82e33017806ee8d0e6d103
SSDEEP

6144:scZp98E2kB1bkp59VedDf9oeVJo6A9U9b+40JGobkxi9uYM0sqltfaaVe3Z:1n98E2E1gFVmCxo+4KGobk89uYMHAfal

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
483c7b6e43cfa6705761f65e7536ea57

Files

483c7b6e43cfa6705761f65e7536ea57
.dll regsvr32 windows:4 windows x86 arch:x86

d143a34227cc2fc9284f6f64031c68ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSCUnInstallNameSpace

kernel32

GetOEMCP
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

Exports

Exports

DllRegisterServer
DllUnregisterServer
NSPCleanup
NSPStartup

Sections

.text
Size: - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 360KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ