ab59225484586bcb00f69a09ae0ee66a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab59225484586bcb00f69a09ae0ee66a
Size

804KB
MD5

ab59225484586bcb00f69a09ae0ee66a
SHA1

c2771a0fa739c031a9cda8253ffff063eeb5e542
SHA256

50b5f04fae148b9f622e57e326ae9a3bf44fe81a67fae006124f2dc735b5a089
SHA512

1a6277d60d731b5bcb9254c0ca3eb6a2c2a6acbc9272551517768831c2d3dc86f84c0e6b7e01f354ff3c7f8a9a0fcc09a0d9e44c76fd13c07cc0306bfd12e4b5
SSDEEP

12288:dycVo43ekG5eIvdJIBAJI7f90BBWHnhoMap42WQ0a44e:dBK4ukefIBAJI7eWHYp4ZT

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab59225484586bcb00f69a09ae0ee66a

Files

ab59225484586bcb00f69a09ae0ee66a
.exe .js windows:6 windows x86 arch:x86 polyglot

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 773KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ