a3328d7b62f364474d30db27a18bd30f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a3328d7b62f364474d30db27a18bd30f
Size

160KB
MD5

a3328d7b62f364474d30db27a18bd30f
SHA1

b33be633c943d841a239ba464a6420ecdbe11768
SHA256

e83fbe844f92eb9f26eeece895c45bbc4de6454dc2ec8525f63129540dfa4760
SHA512

f36d51681994ac5e6074d69885f977f3d6e72a824afce9cf1686c412e1409e956e758fef4b0c6db9367eb7527065319e0c9986406201b6d55288f97bbf8ce696
SSDEEP

3072:uJ01MKDZJUloO2Er324v7luw6x8UwvhLebVeLwT1VJ896VWGEVK0MdE1:uJ01XPm324v7lqx8hgeLI1VJ8960GJ01

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3328d7b62f364474d30db27a18bd30f

Files

a3328d7b62f364474d30db27a18bd30f
.exe windows:4 windows x86 arch:x86

abf0ab1551d460b2c1d9eebaa7b32540

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord711

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ