837c2395ff70ade054a63033edfbd428f0d1e0520badc4a393143d06589b8a2e | Triage

Sharing

General

Target

837c2395ff70ade054a63033edfbd428f0d1e0520badc4a393143d06589b8a2e
Size

190KB
MD5

b3b1a8a3f837b016eea6e33ed48ac04f
SHA1

5130579cd4df366c3e853ea46dfec484cf450b9a
SHA256

837c2395ff70ade054a63033edfbd428f0d1e0520badc4a393143d06589b8a2e
SHA512

d6b41da5f9a6fbcbe441e482adb8c2e6bfab7e3ccf8496d859404f9d149e96c81f0dc803907bc78dbc692e8baecc0de57b88e6a7423e43a1617b78d0afa09555
SSDEEP

3072:ErLnVESv0jirOPIK4MA5l9503WdnaYpI5XQPKoDWNk7lvjNq/gRH33vw0:MiEfgAD95TdFpXAe7lhKgh33vw

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
837c2395ff70ade054a63033edfbd428f0d1e0520badc4a393143d06589b8a2e

Files

837c2395ff70ade054a63033edfbd428f0d1e0520badc4a393143d06589b8a2e
.dll windows:6 windows x86 arch:x86

3c5793ba2bd48dee42ccb6b6ee943be7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteConsoleW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

OpenProcessToken

userenv

DestroyEnvironmentBlock

ws2_32

recv

Exports

Exports

BR_Send
BR_TerminateCrashProcess
BR_UserInit
intit

Sections

.text
Size: - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ