a3595a3cb1644fab6f5cf6cf2c8d3d52 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a3595a3cb1644fab6f5cf6cf2c8d3d52
Size

321KB
MD5

a3595a3cb1644fab6f5cf6cf2c8d3d52
SHA1

ce0238fa45cd543b2b0f5159d58493f4f1a23085
SHA256

f2be2c13f457aa17718ba1fd475fc5c2b8874007b2588490cd62cca1ff78bcae
SHA512

166dc822d3e97eccd8daef657c7c9922f19f3f305b0251c804878a9bfcb579d983a79195550bdc3c5cafb6b14143dc3883491c6f605f22453076795a2862db29
SSDEEP

6144:HqaIgaz5y7LULI9yjSESQPmFt6huN2U3tK54BnDHu:KajazgnUL0vrsUdK54ND

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3595a3cb1644fab6f5cf6cf2c8d3d52

Files

a3595a3cb1644fab6f5cf6cf2c8d3d52
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ