c84b7976936d72287385c156b0e4c5b3 | Triage

Sharing

General

Target

c84b7976936d72287385c156b0e4c5b3
Size

304KB
MD5

c84b7976936d72287385c156b0e4c5b3
SHA1

be26122cfa3d91f3e9002d5847339317bf53ed38
SHA256

8018b0ac33f07b6ffc2d6ce21caacf4e4a593c4d435570d3aa62d12bee2b6ccb
SHA512

deb49cb38dd594d186a11cfcb440109527ce578f0e8b9a2a770ac1c2619badc43faf39695ef82c96d7ff2c228ad738d7473be98e1b3502a3d436eb7c2a8bed6f
SSDEEP

6144:C52SCWk4RD9UVk2GP+TtGphL8wHNICcX1G2TcYfPVBlHwmzSgi9:CY4RqimtASQNS1vTcePVPLTi9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c84b7976936d72287385c156b0e4c5b3

Files

c84b7976936d72287385c156b0e4c5b3
.dll windows:4 windows x86 arch:x86

0d90260b70cd2a82f708bd6d4a97c0cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
MessageBoxA

shlwapi

StrStrIA

Sections

.text
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ