d46f6a28b2812f5be90aa3ca7ee3303b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d46f6a28b2812f5be90aa3ca7ee3303b
Size

168KB
MD5

d46f6a28b2812f5be90aa3ca7ee3303b
SHA1

6ffe5cf0be653d8723e20761a8752b4b22605ad6
SHA256

6daaf61dd6d05e5db6e0e84b1056bd9b3a1c34c2a3c79493e0e25bd0447fc6fd
SHA512

a6a7ad2dcc9321543b48d509f494781e4cdfa95b97b6184687f9b6ff3a1b5fd4809490fcca56fe793177a294e7426ee1defc372c7487b707c8b68776ce5383d4
SSDEEP

3072:rHWJdMborPteTOTKgWfjgZXgxYc6baM5BKpOChSKPFnT2diMwp/kW:rHuMborPtI/sbaAARFnqd6/Z

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d46f6a28b2812f5be90aa3ca7ee3303b

Files

d46f6a28b2812f5be90aa3ca7ee3303b
.exe windows:4 windows x86 arch:x86

3922ef0edfeffafb85a042db5d6e4b84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ProcCallEngine

user32

MessageBoxA

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp1
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE