c5d3a3ce063afde4388e43d0a98eaa3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c5d3a3ce063afde4388e43d0a98eaa3e
Size

196KB
MD5

c5d3a3ce063afde4388e43d0a98eaa3e
SHA1

82497788d8c71ddc7fd7a2f15e70f03c29b4e250
SHA256

98beecd4345d9e8efdcef49db4ba03cc19d4851bf7125ff3112ad341d1a0b09e
SHA512

2278f5883c196eb762c98e587124b29a5df11bb8ce6d48d910e994547d1c2234d2dfbf3211c57ddeb939db80bfda9b89a702b527d08e09a639d6fba9fc096d2e
SSDEEP

3072:3XS8lp+AX5NkIue5sQp/XWXkaqK1aT/WMwuU//tJy6levWPlo:3X/HX5NkzKd+XkaHM1U//fYvC

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5d3a3ce063afde4388e43d0a98eaa3e

Files

c5d3a3ce063afde4388e43d0a98eaa3e
.dll windows:4 windows x86 arch:x86

d41cc462532662a2b69aa26937eafdba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

FindWindowA

advapi32

RegCloseKey

Sections

.text
Size: - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ