649860aa20fd8eb64b604ceb7926c070N[.]exe | Triage

Sharing

General

Target

649860aa20fd8eb64b604ceb7926c070N.exe
Size

740KB
MD5

649860aa20fd8eb64b604ceb7926c070
SHA1

ae5fd57ff2e74abc609803253139a945023f1ff1
SHA256

6c98e4e8f306f71fa0851289f0ae75566d224b88c2a93f2cd5ed1be7ca1561d2
SHA512

8dd5b94fe9515ebcc66d8b66f38637fdf7ec531b45c452934a44f4a100cd5fbc5da5176904150201c18e761c58e19b1c5f13bf886842b56c70f4eb936e144234
SSDEEP

12288:2z2pOdrPb5PPLYmO4tYoKdicX942bNhob4vELFg5CXbqWPgdhyc8XzXQ92zpBwdN:2z2pOdrj53L9+7As9nbjq4vELu5EbubP

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
649860aa20fd8eb64b604ceb7926c070N.exe

Files

649860aa20fd8eb64b604ceb7926c070N.exe
.exe windows:5 windows x86 arch:x86

e44e65d9a778f22a29c3666e092c408f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
SetUnhandledExceptionFilter
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowThreadProcessId

advapi32

OpenProcessToken

shlwapi

PathRemoveFileSpecA

psapi

GetModuleFileNameExA

dbghelp

MiniDumpWriteDump

Sections

.text
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 739KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ