8b02a6653718bf25206015d1992233b9f401b55be4f116b90f714ae24147e895 | Triage

Sharing

General

Target

8b02a6653718bf25206015d1992233b9f401b55be4f116b90f714ae24147e895
Size

1.6MB
MD5

42b8975a8510a847bef5bf95eecc03f2
SHA1

23c01c7bffe95b85cf1ac1a92027dcaae2decac9
SHA256

8b02a6653718bf25206015d1992233b9f401b55be4f116b90f714ae24147e895
SHA512

f2a4a0e1c29b0738e3a351e8031d62257b7d23599fb8004cf79fce1045f92ab9b5a9a817d864651c2027bada10fc3158fa5defb254a84beec9d5f427b35a8957
SSDEEP

49152:ZShQnJB00+MxqppajruyDnKSFBebcb39OqulG:ZShQnr02UajhHjtxOS

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b02a6653718bf25206015d1992233b9f401b55be4f116b90f714ae24147e895

Files

8b02a6653718bf25206015d1992233b9f401b55be4f116b90f714ae24147e895
.exe windows:5 windows x86 arch:x86

af5c96f0a2ca2d217ff894f831b5c314

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
RtlUnwind
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegOpenKeyExW

ole32

CoCreateGuid

shell32

ShellExecuteW

shlwapi

StrCpyW

user32

MessageBoxW

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 706KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 808KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ