bb10c59d2f419a62dcca61726d9d6260 | Triage

Sharing

General

Target

bb10c59d2f419a62dcca61726d9d6260
Size

320KB
MD5

bb10c59d2f419a62dcca61726d9d6260
SHA1

94c8b7640097bad4556d497ed29bac85082d67f4
SHA256

4abe1be22aaafff493368f4fca08d6b354ace95c470de67ed77598932e8abfe3
SHA512

62ba7a39b74ec6e208930b57c77ad1901eb4dd291c3a85225e7372b8e39a51d3e4e7359d408199d8ecbaefeb9c1537ff0b8ba8bc54d08065eee3cf89f54c8574
SSDEEP

6144:Bhdm3EC3tqjroLuNlY+LP8GafW5cHxsOoMUGaTfJ1ztNFGW5fCXmUiEU:BhdmUCd2roKE+wLe5cRjovGQR6WfC2U9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb10c59d2f419a62dcca61726d9d6260

Files

bb10c59d2f419a62dcca61726d9d6260
.exe windows:4 windows x86 arch:x86

da86ee578766ba0526ad45a5cf466ee2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
wsprintfA
MessageBoxA

kernel32

CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
CreateFileA
WriteFile
CloseHandle
MoveFileExA
GetModuleHandleA
GetProcAddress
WriteProcessMemory
OpenProcess
VirtualAllocEx
CreateRemoteThread
ReadProcessMemory
RtlCaptureContext
RtlCaptureStackBackTrace
RtlFillMemory
RtlMoveMemory
RtlUnwind
RtlZeroMemory
VerSetConditionMask
VirtualAlloc
VirtualProtect
VirtualProtectEx
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ntdll

LdrInitializeThunk
LdrLoadDll
RtlAdjustPrivilege

iphlpapi

GetAdaptersInfo

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 267B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE