ba2865653fd426807f19cc65cce661bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba2865653fd426807f19cc65cce661bb
Size

200KB
MD5

ba2865653fd426807f19cc65cce661bb
SHA1

3ca2bd3a234e51e4d818e07065ec02d6cec57490
SHA256

6cabd7a19bb4e91b69df9f40166715c2f0326d31c6c65f3fba8ec85de2825022
SHA512

eb9c1725dd7abcc3e7ad80c46f12ef23b199ca9b8ce08e40f513936de6456cac599f4d7dd61ec1061f3ae2b4fbccb183de2d329991ab97d59622d23dadecffa2
SSDEEP

6144:cOcqHkVhC+Ak67BnW4mr/lx+JyDBWkoqVULg:cOkhDAk6FMPQy1zoH

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba2865653fd426807f19cc65cce661bb

Files

ba2865653fd426807f19cc65cce661bb
.dll windows:4 windows x86 arch:x86

5e40e55348ddbfab1fa9d9f7db47e1a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadProcessMemory
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBeep

advapi32

RegQueryValueExA

Sections

.text
Size: - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ