b5ca9210d11fb0fef3cecdf1b43f2c41 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5ca9210d11fb0fef3cecdf1b43f2c41
Size

154KB
MD5

b5ca9210d11fb0fef3cecdf1b43f2c41
SHA1

267f496bfab7c82005fbb7fdad0dc44da590250b
SHA256

e1e0e0abe53bf9f01630d02dc20c5290f9b8531ee912a1673bfa675ffc2ad3d5
SHA512

7227591c465ec45212b406b08ace712a6c0b423724d745e2b2f69ef204f08509abc6d6836554d3b98312ccfe49daaf64d0be77e46776acc85b8d4d678cc60ce2
SSDEEP

3072:EIT2UM1pU5YBFp7is6bVbbBK9P77J63H04F4dhVu5veL+9EwY:EN5Fp7BiSfJ6E4rE

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5ca9210d11fb0fef3cecdf1b43f2c41

Files

b5ca9210d11fb0fef3cecdf1b43f2c41
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 72B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE