ae40fcb460b48ba65b9a495664c064dba33819fafecd24f3203526af9775ac82 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ae40fcb460b48ba65b9a495664c064dba33819fafecd24f3203526af9775ac82
Size

10.0MB
MD5

ba1119e926e7361b911eb120e857b13e
SHA1

e40d4e6724e9a9e4dad1d69a82830908ae327de8
SHA256

ae40fcb460b48ba65b9a495664c064dba33819fafecd24f3203526af9775ac82
SHA512

14a2723d14fd4f40c8d6e1f7857b3f1e9a25516402a28840ebe7232c178afec2032c17b10763aaec23f0dabd8ea7b69d4504d5712e2c4ecc6a0b5b7d3f7e5392
SSDEEP

6144:OKcvMjX7dDzkX3kpUPKfcXjcjOZnMqYmfCPAHlJqwS4Apo8MTStEpycY6:OKTrdDzi3kpSsczpCG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae40fcb460b48ba65b9a495664c064dba33819fafecd24f3203526af9775ac82

Files

ae40fcb460b48ba65b9a495664c064dba33819fafecd24f3203526af9775ac82
.dll windows:4 windows x86 arch:x86

c5af9e9de861eaf9447a0259d32f8e64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersion
VirtualProtect
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

advapi32

RegQueryValueExA

oleaut32

SysFreeString

Exports

Exports

ServiceMain

Sections

CODE
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ