2cef4471ba89029bb98d1017c4336f29ebe33f49217010fb7fae5c39ab9c9cdb | Triage

Sharing

General

Target

2cef4471ba89029bb98d1017c4336f29ebe33f49217010fb7fae5c39ab9c9cdb
Size

1.1MB
MD5

fbd682c02d75a6269813af4f5c0724a1
SHA1

9863c0d332ab90e251acdaff2f9f7a6302efe87b
SHA256

2cef4471ba89029bb98d1017c4336f29ebe33f49217010fb7fae5c39ab9c9cdb
SHA512

d9a168eed0f6c0a3f5bd23ff9608f1fe47f48fce1f47b02f5906f86acc3b01fe80ac1d6a9cf087bb21320c38a148409b1d6d8ceba8449e50212494b8fedd0f92
SSDEEP

24576:N3tnGWpXluF3Qg0I0RfBXC7ik7s6kuLn/FWD+aED9c5NFRUedY:N9nN1uhQhIA176kgX2NPy

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cef4471ba89029bb98d1017c4336f29ebe33f49217010fb7fae5c39ab9c9cdb

Files

2cef4471ba89029bb98d1017c4336f29ebe33f49217010fb7fae5c39ab9c9cdb
.exe windows:6 windows x64 arch:x64

f5f4225aacf0e91c0bfbeb420bb9e679

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Thread32Next
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowThreadProcessId

Sections

.text
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ