362d6646005e3e2743c00b815764131f[.]exe | Triage

Sharing

General

Target

362d6646005e3e2743c00b815764131f.exe
Size

4.8MB
MD5

362d6646005e3e2743c00b815764131f
SHA1

f1d4157d7d9ef2d5b09b2ced303c610ee6ad5937
SHA256

41a5d5a50f013dae32ff379e8e01fcd5758beb1c940e1a48a245060fe15f6155
SHA512

d8bd2393564025a444a0a06cebb081b8146e4b852dd4ef54241a6a9236af73485472280df75a235c626548645ce6475424f8b8c300c784fae3b3dc88896608a4
SSDEEP

98304:lZOM2gHw+Wv7pSxyL2+HJNTUcfk8JCS13RiSCJ5d6PBsomKvY6C0+p7NyQ3:POM2gHJWTPJNoatVRiSCvd6psomK63yW

Score

9^/10

miner vmprotect

Malware Config

Signatures

Detectes Phoenix Miner Payload 1 IoCs
miner

Processes:

resource yara_rule

sample miner_phoenix
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

362d6646005e3e2743c00b815764131f.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

NvOptimusEnablementCuda

Sections

.text
Size: - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ