399f8a0be000f5563faab1bdf55ffa32cacb1ca234268e785e0232c23dc3d7ad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

399f8a0be000f5563faab1bdf55ffa32cacb1ca234268e785e0232c23dc3d7ad
Size

2.6MB
MD5

39e755c08156123e4cabac6bf8d1fd3a
SHA1

908487a2e8d68a9243de6e73914f847034e6de38
SHA256

399f8a0be000f5563faab1bdf55ffa32cacb1ca234268e785e0232c23dc3d7ad
SHA512

1e65e9f783f3b2806f1d8c8ad2bde57fa97f87bb4d7f1975e43c8f4d25d7973ba95dbeaccba1568846d2164dc36b45b155483fbc81a1c51994e631be47baaba6
SSDEEP

49152:E4J9oJTzJuWJ/xzXTZpa55Uvxu4m3nGHMcvxsjnblR:Eg9KT1uezXTza55Eu4m3qZsvf

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
399f8a0be000f5563faab1bdf55ffa32cacb1ca234268e785e0232c23dc3d7ad

Files

399f8a0be000f5563faab1bdf55ffa32cacb1ca234268e785e0232c23dc3d7ad
.dll windows:5 windows x86 arch:x86

d13e64bf04a6370ed93bd02d23c3af7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetConsoleMode
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

Run
Start

Sections

.text
Size: - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ