Behavioral task
behavioral1
Sample
525abcd4247b2ba32eb57cd2080cf39dfa17ae5ed83a4b54a1b5e052c3c8aa9f.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
525abcd4247b2ba32eb57cd2080cf39dfa17ae5ed83a4b54a1b5e052c3c8aa9f.exe
Resource
win10v2004-20220812-en
General
-
Target
525abcd4247b2ba32eb57cd2080cf39dfa17ae5ed83a4b54a1b5e052c3c8aa9f
-
Size
3.6MB
-
MD5
12528f6900a6a7b1079b148d6987248c
-
SHA1
f527de57eb87f9ef0e37c23abddf1907b7e50715
-
SHA256
525abcd4247b2ba32eb57cd2080cf39dfa17ae5ed83a4b54a1b5e052c3c8aa9f
-
SHA512
8bceb41b49c116f8fba327a37a41ae3b31eadcbd165d3417f683473ac61f36cd00477d6aa2dbcfdc780fd4181448aa87cf7c0e8a1f676ca9a1843b10fd1c6390
-
SSDEEP
98304:iih6F7MZrHRsgdDBtbd0QZ06nTKQUJlmP0PZLDTEZhmu76H+muF:l6FcrTBtb2KT1UPgUTEyu76H+9
Malware Config
Signatures
-
Processes:
resource    yara_rule
sample      vmprotect
Files
-
525abcd4247b2ba32eb57cd2080cf39dfa17ae5ed83a4b54a1b5e052c3c8aa9f.exe windows x86
bf7d57dc11b3d61bf8a8bc54906fae0c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersion
LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
wsprintfA
gdi32
SetBkMode
shell32
SHFileOperationA
advapi32
RegCloseKey
comctl32
ImageList_Create
ole32
CoTaskMemFree
version
VerQueryValueA
Exports
Sections
.text Size: - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 100KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ