d3a8e06bee704be41f4a8efcfd0350b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3a8e06bee704be41f4a8efcfd0350b9
Size

7KB
MD5

d3a8e06bee704be41f4a8efcfd0350b9
SHA1

896bf4afbd3df1609ec06f7218d62116cfd2dc22
SHA256

a21c66a6498715776ea9070c2a930b865417c6a0ee48a07b152d91fd977520fd
SHA512

76dca67054e3833cc85c1248175fea785f913ac373efd9141a410c0448142a004b8b203735ea3ccd50e8b546215de95507f4d27d9b266902711fca1f8b364f84
SSDEEP

96:aTh1w0e+SAGzQGMli4DAksyDkMu0kr8FS5E898AAuAGAI97XShJcnnn+nn:aU6vLi4DAksAhAAvGAQ7CUn+n

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3a8e06bee704be41f4a8efcfd0350b9

Files

d3a8e06bee704be41f4a8efcfd0350b9
.sys .ps1 windows:5 windows x86 arch:x86 polyglot

72ad8a6a08d62d7ab3f472633043d738

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\driver\RESSDT\i386\RESSDT.pdb

Imports

ntoskrnl.exe

IoCreateSymbolicLink
DbgPrint
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
ProbeForWrite
ProbeForRead
_except_handler3

Sections

.text
Size: 896B - Virtual size: 876B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 149B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 324B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 128B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ