fa7d61c8ad81d81a45382c7d8ca230b178c99f78347d3bb82119fa1b815e3cfc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa7d61c8ad81d81a45382c7d8ca230b178c99f78347d3bb82119fa1b815e3cfc
Size

2.2MB
MD5

1ac0b0da11e413a21bec08713e1e7c59
SHA1

2d5fe67b41cb08061eef6ff5cd01cfc24736d96c
SHA256

fa7d61c8ad81d81a45382c7d8ca230b178c99f78347d3bb82119fa1b815e3cfc
SHA512

4fe28cac1cbca911dd570dc5d8d999dac4d8ef6349891e94e13d3b76b871993194a8136568f7a2fdc79158ed8e86f28c7ba3cbbd9d46cb35117fab395a162796
SSDEEP

49152:sSuvKCtgI8/NYIs3xcHgbDSeLQ06gLANqmoklswVAPLRg0iogaNgt5y:svKIgI4NYIs3pDkf0mxswVKLxyt5y

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa7d61c8ad81d81a45382c7d8ca230b178c99f78347d3bb82119fa1b815e3cfc

Files

fa7d61c8ad81d81a45382c7d8ca230b178c99f78347d3bb82119fa1b815e3cfc
.dll windows:5 windows x86 arch:x86

ab4de95b860b5ef927dbee220c45bc74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

Run
Start

Sections

.text
Size: - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ