General

Malware Config

Signatures

Files

• csrss.vmp.exe

  .exe windows x86

  Password: test4343434

  291d1fc9a3460370264423ae9c90c6e0

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  Imports

  mscoree

  _CorExeMain

  kernel32

  LoadLibraryA

  VirtualProtect

  GetModuleFileNameA

  ExitProcess

  user32

  MessageBoxA

  Exports

  Exports

  q&׉%�͓�Oy��z�>���^�MO��.)��&�Z��Mqmb��eeh �� n^6g:�LC�������;���FW��)�堓Ӂ��^+p� �H�JG��x������F)�,eb�1��� �˯4 ����ԉ#e4-�X��y��H��F���3�C(!Eg�NsQ��"}��d�W}�B�@G�}��ϡZ��V@�ms\�h�JL��=�F��|FA��� F7T��J�!��/��$��NE=��C�f��r$����T�� �e5����+/v �*��h��֒2c��NM�eS8��l�h�PM��>�gFi�5�ߡ�f^��m��ИƂ+��!� k�-��J��:6��`;g8���5p��0��jg�.��zy–�E��\�G����iv����FJ$�@��T�>7�xO��U�1β�L��*yI��v'�
  WK��ώ���qMۮ2���K#��?R��s�����#粌��z���gd�P�.}�P.�����"h�@��f�_�<�����r��;6.zS�;���P�@�]�ߢwy�5�(g���,@���������g|��� �n��l{�&�+���S�Ͻ���S�,����s[B�oF��BH���� ���ؔЀ,�� ݦi���B����ԃ�V�|�d�ֆS/zU�v� �9|�+�'\�rǦV(�Յb� �=}�^ϳ�.�檹iR/�d��_ag�oaƁ��u�dk�&�,��~!���T��7��H�'�G[C�=�iۿ�̹l'x���[�(�'���R�)Kn5��JSgM���p�u=5F4�A���i j�Y0�}$i��d8�:���
  �5��
  ��u�g�1`�����ϠN���g��|PѺ��TγOXS�̠��I����Q {e���`j��)���i&�&f�_o����6q���k�� ��IF�v�_A���
  1-:����f�vO ��gF�3�����$�Y7N�ۗ[��g�*���]i�F�P1�ސIѣ
  UU�+�k:����}u�WĿ�9*���E�ת�AT�(ݫ�6��فW�}��o0� ���x��b��@��$��ܶ��aU�^�����@��yL��B�_'���-� �K�M7����?-���� ���B#l��A�_��Qޤ�7�F�0����(Qd(H����'�U�W�0���$l�:V�ۯ(�F����2�X;UR�u䶾QF��D�-�IS��M �%g���&�sI�g�z�W�b��Srq���j�t���߁���z& $(��A����v�X��0M��Bq��{@�;��8O���R8�>���G�-���"��u��>Y�t� }�ך�ld#4n�� �A�h��!�E����e�{����^xI>�A����v�d��a����5����w�u*/������2;�ǰ<մ{���k @CT�L�5�(��L�$=��~���]bJ��Ǟ�ai������X �;�_'����C�G;�h��$�y\ـc��KL
  �e�Q��n-�*%G<���[fox���0��h��>lw������}�}?�u3�̩���RY���!]����L��X �$Q����_t��~[
  uלgEaћ�ӥPB����2Iy ܡ�u�#�5��S�z!��\�/P�Խ�I?i!��QJ��W}�#ٴ�&���������^�����|�{W��-���`��)��5��*�Φ��'�����#�Z��#�4_�X9�XUVo��͢�d<�NNxQgӑG`-0�q`��g �)�*�W�ļ�2�<<|�Qd�S� � �^�����D�"���5]��� �����fgX�i�N'7[,�'D�9�E�>��e#�/��zR��P#�Mlʳp�8�#�e�!����jL,�B6O����qJ)���%�v��@�����5��>����T˂�ye�2 ��yD�taz��s�*����/�؈�%�vq��Bz�A���ÖF����Z�X�����8�5��V���bG`�o�=��Jf[;��4����G4�6��W�nϕ$~e몟���,nyW���u0Yr�{��擕�]�7�/�ƙ�@��wr��#���W����ㄜ8�E�Չ��N���*��x��^�ϔɼ�[���:@ �ܸ�'��v�A�1���2��(`����Kl'`N��H<[�����B���x��#H�H.(�]�d����Y�\�|�`���C����#Hq���4��Y]��KW�0�g���`�R�'��1z8yAI�Vi�?���!SL�0i�,���Y�D̪\�к�' L��CQ���Oı�[t6m�b7��*E��wbZ��N�+���1)�җt��yMjѯ>�kQ=�#��w0�/|y��\����5�RF�!x�W.]AfP�-�h>tm�H����ţ�o�$#p���1��E��8�����=���~U���.���~����\R�A0n*?�y7t/f:�=�2�Q����%�ܲǛp��.�&�#�@W��T����nxT����>��TA��;#M(��t1�‹�ĝt� �?}��k@���LI�p�%Cڭ�a�Vw�Cn�V�/>H_�B X�1g)�ӏJ�� 5���ݷU��ʰLZJ�N�3QJS���PN�ټ�d�EK�JQ/j�o�J��:;ĵ�l�Od��t)����{�t B���7t�6R�6���V�rel�-��� �bl����ї@ ���|'_{O=��:es
  �wՙ�D�fΣ: ��� (��g�mn������72�\�58������?��-��w�� +f^���ᆈ�m����W z��r���nVq^�2M�!S�����Gs� ��fs��}̙�l�+={E�(�T�{�V��2.S+rT=��L��'�k�n���!�׉�l�$��Ko�c�Q�&� �<�ш�L���SN,��G<x_��zuȔ+��}����>��C���?�GzTW{��M�r���y����aYj���o�[F�0Fh��h�N�NJ�TC������N�f^��*2�ʯsI3E}��}�.=���RVv�f��6E���}%��gAlX���*��!`l��Y}R��zZ8
  �d,)y�

  Sections

  .text

  Size: - Virtual size: 58KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 12B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: - Virtual size: 13KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp2

  Size: 82KB - Virtual size: 82KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 220B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ