72c0b4038975cc8ab48b0936b7db0808 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72c0b4038975cc8ab48b0936b7db0808
Size

4.5MB
MD5

72c0b4038975cc8ab48b0936b7db0808
SHA1

89779cb3f3c17fe6327951914084ca526c4f9e17
SHA256

be252030f2f3ed7a47dd829dc61402af4c39ef65f94a3d7902d620f9f03159eb
SHA512

836346d1c77eaf8737b5040d57e4dc1c1a7fea427dd6eba00c509c1ebe67cc2c7aa3ec11f65f88a5831e882bce443bc6ef299caee56ac2e3997a52fb6be053cd
SSDEEP

98304:k/XTNuEgLHJ0mNIa4evoYjacruElytZDn44LawgVlqRgfAh8XeUc:nEgLHJ0mHlj4l4bwwqR5hieUc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72c0b4038975cc8ab48b0936b7db0808

Files

72c0b4038975cc8ab48b0936b7db0808
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ