2363f30f27c46d21affce17993cd0a2189c88c3530379ef7231bd50dd6516549 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2363f30f27c46d21affce17993cd0a2189c88c3530379ef7231bd50dd6516549
Size

268KB
MD5

744553550088532547688036b39c07d0
SHA1

45f9d27d6a776056d9bedce684dd165d53b8e835
SHA256

2363f30f27c46d21affce17993cd0a2189c88c3530379ef7231bd50dd6516549
SHA512

141d27c5009abf3ff063be563b8c1409854849249ef37b1845c5fd868adf69a4742a1818b3cb51e439458774b2787af592ba112192f970c116619786281d706c
SSDEEP

6144:LoPtPzZrZiU4wyZYRf3tVHKggFWAhqWr/t:LoPtPzZNi6lVngFW0q+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2363f30f27c46d21affce17993cd0a2189c88c3530379ef7231bd50dd6516549

Files

2363f30f27c46d21affce17993cd0a2189c88c3530379ef7231bd50dd6516549
.dll windows:4 windows x86 arch:x86

0c3b477ed058559fbbe5ebd4edc951e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetActiveWindow

gdi32

DeleteObject

psapi

GetModuleBaseNameA

iphlpapi

GetAdaptersInfo

shlwapi

StrStrIA

Sections

.text
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ