76869de8a0c6fb1b2931ebaaf90a4442 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

76869de8a0c6fb1b2931ebaaf90a4442
Size

148KB
MD5

76869de8a0c6fb1b2931ebaaf90a4442
SHA1

95edf5d06d88f8e65e24f631d09a0f22b09e8b00
SHA256

38b8edd096e031fb08604a23469a69475c6476696c85f3edd39f5934e44d71be
SHA512

664d719dffaeff01e69bb62bba70ec308122ecd43cb200e74607e0e8d1b02d9ed1362bc55eb45cdc6e821f7529e479b3205d1e82ba7aece8c6c5c80b91e27c9a
SSDEEP

3072:DKhWgrp5/kxoyPSTWPT1bnEtNeISkC7gzh/t84EOqrxAuitW:GrfyoyPx1bnEtNeISkx384EZwtW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76869de8a0c6fb1b2931ebaaf90a4442

Files

76869de8a0c6fb1b2931ebaaf90a4442
.dll windows:4 windows x86 arch:x86

ba2ac863c761f2120a67231ca69c0ee6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadCodePtr
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetAsyncKeyState

gdi32

DeleteObject

ws2_32

send

advapi32

RegOpenKeyA

Sections

.text
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ