56f9a0be02ebaeaa92affd81946479eb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56f9a0be02ebaeaa92affd81946479eb
Size

208KB
MD5

56f9a0be02ebaeaa92affd81946479eb
SHA1

6627db0d53f5ff121945e7d33cf610f1ee85e138
SHA256

a2e8ccdee930cf9bb9dc6292be2c8b4a2c816ba057512cce9749fa464f8acce2
SHA512

25a2c9e3ea4355ee90648f73278e4832af743b11480b616bef97595796c2aec031cc4ed17181b2c512a1f28ca077547138391c7f5206db58ab612ca1732afec7
SSDEEP

3072:NES9ZfIlv8Lw8EQrpwLJZWBAzPxoRrlUG8rh8d4KecAYWdMCtNkFH9jb+iCqfUNx:6Cilv8c5loou4KwOxdjSivD5eno70

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
static1/unpack001/IHLoader.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IHLoader.exe

Files

56f9a0be02ebaeaa92affd81946479eb
.zip
IHLoader.exe
.exe windows:5 windows x86 arch:x86

4f33aa84d6eea9018786e8364fde731f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowRect
MessageBoxA

gdi32

GetStockObject

advapi32

RegOpenKeyExA

shell32

SHGetFolderPathW

Sections

.text
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ