44eb2d79405b65bd1eef0e2b7049d54b55aece5e4d5e02f9a52987153cb6b015 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44eb2d79405b65bd1eef0e2b7049d54b55aece5e4d5e02f9a52987153cb6b015
Size

1.3MB
MD5

423d51ca7d9d301c7b1cf0d5b2ceada9
SHA1

ad412956ea9e4d5235c21e919351585a1d615c50
SHA256

44eb2d79405b65bd1eef0e2b7049d54b55aece5e4d5e02f9a52987153cb6b015
SHA512

8472ad0c864cd0503ec92516d821d0cb5c86171b2d67cd8eb0ce8a2463319a29283ca182a7e1c12074b0857313ea6154e3dcfc9efd79f245eee0a328286d264a
SSDEEP

24576:FbGuO6F/OC+osDKk8Faz/856arhFthICCtf+5pLpJ5idP5Zv9bMjJjFQphu3K:FiuO6kXPAGtarjtlumvdJYTWjEx

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44eb2d79405b65bd1eef0e2b7049d54b55aece5e4d5e02f9a52987153cb6b015

Files

44eb2d79405b65bd1eef0e2b7049d54b55aece5e4d5e02f9a52987153cb6b015
.exe windows:5 windows x86 arch:x86

99d002e0832cd11665835a3e683d6f18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ws2_32

connect

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ