d68812a1b5a0c2f280b2ce81f0021d3862357cca783850bf5b2d26069db9edec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d68812a1b5a0c2f280b2ce81f0021d3862357cca783850bf5b2d26069db9edec
Size

878KB
MD5

4ddc568aef59d314903e568711a4bce1
SHA1

076a387127235860f5a7d222ff80fcb0413b7431
SHA256

d68812a1b5a0c2f280b2ce81f0021d3862357cca783850bf5b2d26069db9edec
SHA512

6cdb78ea220d6ccfce1879c710dfd969d4169d2123527475fd161d0fbb3a72e4447cf200af085340433cbf8634586513288378a9ac8cc0048c619b2fbbaf94a5
SSDEEP

24576:BuHbLluw5WBpqdRC6BBSnALGSF6ws3nV1Q9trd:wwBovC6B996ws3V29ld

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d68812a1b5a0c2f280b2ce81f0021d3862357cca783850bf5b2d26069db9edec

Files

d68812a1b5a0c2f280b2ce81f0021d3862357cca783850bf5b2d26069db9edec
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ