d5fdbb083dba55b91760d6a35f3775f9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5fdbb083dba55b91760d6a35f3775f9
Size

151KB
MD5

d5fdbb083dba55b91760d6a35f3775f9
SHA1

cc96d95ce5b593a61af35b6b2dd7f849ba542f9a
SHA256

e6bec07c63fb6208f0d42a90e063f9b6b546b598e333162ed10861f6cc4364f4
SHA512

fadcaf8234cc683cffc6cc495b2d7616fb6877b4c4bb8ef7f871f862ce6da191dc6a326b665ab8c7e7d75d8102ad1b4c6bb1f546a99d38047ada5f293095cb86
SSDEEP

3072:dK/YkV0OlBt/v0JFQeTEFIhTJv/t+eWdyuzXMJeB6iKJxeyVPvL9L:E/53/qFtkIdJv1CdyuwJeB9e/p

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5fdbb083dba55b91760d6a35f3775f9

Files

d5fdbb083dba55b91760d6a35f3775f9
.dll windows:5 windows x86 arch:x86

bedcd796dfc6d976f65ef90439ffa127

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc100u

ord6156

msvcr100

memset

kernel32

WriteProcessMemory
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

EnumWindows
MessageBoxA

advapi32

LookupPrivilegeValueW

Sections

.text
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ