8d420b53dc111a6a7af8702471e32031 | Triage

Sharing

General

Target

8d420b53dc111a6a7af8702471e32031
Size

174KB
MD5

8d420b53dc111a6a7af8702471e32031
SHA1

68f0c2ecfa790d946f950b773ad1c4a59d227ca3
SHA256

7535e849971ec0ee52e4362ef35de6a5cf163efd1652cfbd33fc9244a1ea0138
SHA512

7b767b350b868d9f65593b17dab77ca89c3499673ab1cd6e2da6cd1b2e9cacfc4370296ffaa06e0e17072b8c93cabeb7ab0350dfe39a3925fd0fece71d14853f
SSDEEP

3072:Zao5Xsa7Odhdst3GTBQ97QV+/9DP1FTMDqUI+1JNMEMOGXIEMYBVPmg:Z5Rsa7Oi4i7QejGmUv1JSEJGXIEM0P

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d420b53dc111a6a7af8702471e32031

Files

8d420b53dc111a6a7af8702471e32031
.sys windows:5 windows x86 arch:x86

2815a26316831738d3675416954567f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
memcpy
memset
_except_handler3

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 722B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ