ba31e14148516626bfba2752f2e3aa7b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba31e14148516626bfba2752f2e3aa7b
Size

116KB
MD5

ba31e14148516626bfba2752f2e3aa7b
SHA1

f528376fae534a74cd8e9327bbe18179649f9aaf
SHA256

b641798579d5219d26f46a9bfaf3eb21fc539b1da59a4024720f4288b1bb96d0
SHA512

634e9f07923d2918f81251dc36c88c2da303b4b612b38533a767670fdb0b36b43448325e6ab99f781b408dd0851519813b19d858dba6ea9398d0677da02adf68
SSDEEP

3072:FNWOgHlq/km62Q1IsH3sMltIAHlHDVuhm7FAt55OL5ROLZH:jWnJ2bsXsMHlHDVIm7St58PW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba31e14148516626bfba2752f2e3aa7b

Files

ba31e14148516626bfba2752f2e3aa7b
.exe windows:4 windows x86 arch:x86

1e7576450ab6e658aad47518f439c36d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord666
ord667
ord598
ord520
ord709
ord631
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord607
ord608
ord716
ord717
ProcCallEngine
ord535
ord645
ord571
ord573
ord100
ord616
ord617
ord650

kernel32

VirtualProtect
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ