51409e95b696e5c2e8d770d3fad29976c4a5e5ff54f9fc5ea22062d97d5c6cd2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

51409e95b696e5c2e8d770d3fad29976c4a5e5ff54f9fc5ea22062d97d5c6cd2.exe
Size

5.5MB
MD5

2a302c859a9ad3a02c688e9f812221be
SHA1

e222920bddb6a6959a79541f7d866a7087048472
SHA256

51409e95b696e5c2e8d770d3fad29976c4a5e5ff54f9fc5ea22062d97d5c6cd2
SHA512

9546312e4346a487d6dbe549ff04207292a91fb2f77584beb9d3fa9260e82628e6143a54ce8d46f7bc4427c21e6533c16526b783254aa0de62eedfed9b1a81ae
SSDEEP

98304:2W5kzFFGFU5S71sl34ugqQLtD7Yiipo/58b5UYDPQRA7b9uXyZJSgx7GbGNH:zwp5G2nQ7Yiipo/AVDPQm7b9uO5Zm

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51409e95b696e5c2e8d770d3fad29976c4a5e5ff54f9fc5ea22062d97d5c6cd2.exe

Files

51409e95b696e5c2e8d770d3fad29976c4a5e5ff54f9fc5ea22062d97d5c6cd2.exe
.exe windows:6 windows x86 arch:x86

89c8abd38fd3ffc06ee06d01f9b3cbbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoCreateInstance

oleaut32

SysAllocString

user32

CloseClipboard
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

BitBlt

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ