c54fbdb20beb1a7e369d4861db0cf608 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c54fbdb20beb1a7e369d4861db0cf608
Size

339KB
MD5

c54fbdb20beb1a7e369d4861db0cf608
SHA1

da4343c945cc634ada960f9403199d57b675407e
SHA256

100c0fc385e6192d7d76f114677f58e63802a83246110d84eb4a27bdcee0e907
SHA512

25d9dbf15bfa9c4bbb17717728bdfcbc727162e70f28938117c3b0e07235fd7ee450de61f93a79a43d3cf7527fb210b167c3618e6390d0170f7ccb27f49fa6f9
SSDEEP

6144:yF8YYNJjGSkKtctygzymPWp2T3iuqIDMmHOaLeOUXBxsxmPmYt2DwhCj92:a5OyzySyuEIEY1+rsxm7t2DwQE

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c54fbdb20beb1a7e369d4861db0cf608

Files

c54fbdb20beb1a7e369d4861db0cf608
.exe windows:4 windows x86 arch:x86

681f9bacd29639e618c16c1a2d6a226a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrA

user32

PostThreadMessageA
MessageBoxA

advapi32

DeleteService

ole32

CoCreateGuid

msvcrt

__p__commode

kernel32

SetFilePointer
GetModuleHandleA
GetProcAddress
VirtualProtect

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ