e4b4b82a04e3ca226dcaa03d4ebc1935f4c181f684cb806b8ad002fd597d4942 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e4b4b82a04e3ca226dcaa03d4ebc1935f4c181f684cb806b8ad002fd597d4942
Size

2.7MB
MD5

ddc8a59e4b9b714be1b895037f865aab
SHA1

fa41ad492959b33c49711d773f0454b8a56b968f
SHA256

e4b4b82a04e3ca226dcaa03d4ebc1935f4c181f684cb806b8ad002fd597d4942
SHA512

95ccd11f215709da8213b114edce775596b3553f7e7099dd8462d4166be5029be7f481ddee932794d391694a21e64df6592997464155b5e3ac5d8e56e300c534
SSDEEP

49152:esp8odm+QmsO/yb2oWLvcp/4eDE6F7lrXsnV5VsmNdetuvtu/oiv2kS:5pPH3sOaaoWLWgkE6FN8V7smDetuMvA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e4b4b82a04e3ca226dcaa03d4ebc1935f4c181f684cb806b8ad002fd597d4942

Files

e4b4b82a04e3ca226dcaa03d4ebc1935f4c181f684cb806b8ad002fd597d4942
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 941KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ