5877b45d2a0cbf07a1943539a64e9ade | Triage

Sharing

General

Target

5877b45d2a0cbf07a1943539a64e9ade
Size

42KB
MD5

5877b45d2a0cbf07a1943539a64e9ade
SHA1

72140af55a2da6f040637dc2af98835819839e7d
SHA256

29d7b4a7e3d3290e5680e8942a325cf53fa82058283c8569738a5c6453a66304
SHA512

8db01b81fa69f500ea0cfdac7469268da0eff706326af4972a1663fd4b7c592baf5883c76a18ba9d5a60f909791bed8e6b08a87a300d695995b2cc5058a72916
SSDEEP

768:89rT0eA8OzA7P7B2ZwlFBIg3kArHEMPtcM6uxgCGi2Yir1kRbSFSBmrhm:8AhazciJLHkGtdjxgCGi2YEKSP4

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
static1/unpack001/1b9638f4cdb068840c2e0a8b8c59b337.DLL	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1b9638f4cdb068840c2e0a8b8c59b337.DLL

Files

5877b45d2a0cbf07a1943539a64e9ade
.rar
1b9638f4cdb068840c2e0a8b8c59b337.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ