1bd999e5cafe151982473d6a7a1b6f31e28c7db8825688cdfce028494dd1334f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1bd999e5cafe151982473d6a7a1b6f31e28c7db8825688cdfce028494dd1334f
Size

354KB
MD5

e6c4b71d5fc91ff1d821c8c2b9f78f57
SHA1

7592c1fb3aa28cc811f84ed6dd5ac42b59fcd227
SHA256

1bd999e5cafe151982473d6a7a1b6f31e28c7db8825688cdfce028494dd1334f
SHA512

1c268962a8afe7f903682de685a5336c9a8fcd04791c993efb76fd6c7c640e07439727227b33a86d3b82edd1be88d04789bbac1b685acaa7a02356ecb825edde
SSDEEP

6144:6JN2oAqf6g8nrgUnpqBKdm3qfYhLlLqAbW8fzD0NYe2Xbrp5Z0z+JLic65d:BoAGirgHEePhLlLvK8f8NknTG0t65d

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bd999e5cafe151982473d6a7a1b6f31e28c7db8825688cdfce028494dd1334f

Files

1bd999e5cafe151982473d6a7a1b6f31e28c7db8825688cdfce028494dd1334f
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ