ae78e5ff68bc008234bf0f6eda889a6bf0fd10a0cda5dfe27a922b90abecae2a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ae78e5ff68bc008234bf0f6eda889a6bf0fd10a0cda5dfe27a922b90abecae2a
Size

159KB
MD5

c63ac831e4acc2653433eed445009709
SHA1

ee27582f42e912cd67f3a5c2ad5741f6e830111d
SHA256

ae78e5ff68bc008234bf0f6eda889a6bf0fd10a0cda5dfe27a922b90abecae2a
SHA512

b8b8f7e45b5bf3cda72637ef9ecfbaf17d4d43b287284e6f18b616c149fd8ee7add15d246649b01bb77e3e3684d4da2f2dfba5e399026a810a327f3cebf59ce6
SSDEEP

3072:pnNeeyb9NqYNGoAqXP5gKyFWdBEncCRgXkfvpTylBKdmEJiR:6JN2oAqf6g8nrgUnpqBKdm3R

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae78e5ff68bc008234bf0f6eda889a6bf0fd10a0cda5dfe27a922b90abecae2a

Files

ae78e5ff68bc008234bf0f6eda889a6bf0fd10a0cda5dfe27a922b90abecae2a
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ