General

  • Target

    b0afe716add9040cb091205527b3e553eba8ff2d07eda5eb9a22b250885cbf06

  • Size

    2.6MB

  • MD5

    39bf85e46792ae202be1d9c56ce7efbc

  • SHA1

    fd42e09d744578b4e2854a9d6ade6a766524c058

  • SHA256

    b0afe716add9040cb091205527b3e553eba8ff2d07eda5eb9a22b250885cbf06

  • SHA512

    7b0238d3976d079abbb78b89e15c5c8b49a718f442e8626715b4aad1616ec57d7d44148041181f96f29553d28d54720b77d761ff902dcbc9d7c339d6fcff74b2

  • SSDEEP

    49152:OJZE4gpWK8Qtzy3ZPDmhhS9M5z6dA6dmf5a1oOQozMSV39DyRPcm3D:1aQtzSDUhS9sz6A6duuoOQId39eRc4D

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • b0afe716add9040cb091205527b3e553eba8ff2d07eda5eb9a22b250885cbf06
    .zip
  • 7za/7za.exe
  • ProgramData/1.cab
    .cab
  • WTSAPI32.dll
    .dll windows x64

    92ce9fdf181ed687600710ebae3d0062



  • qc.exe
    .exe windows x64

    6a6f951309f111a0d45edde6a5996828


    Code Sign


  • ProgramData/a.exe
    .exe windows x86

    9cbefe68f395e67356e2a5d8d1b285c0



  • ProgramData/run.bat
  • ProgramData/run.exe
    .exe windows x86

    b6ae6f5c20742d6fa1d12b670c7d856b


    Code Sign


  • ProgramData/vv.exe
    .exe windows x64

    ebdaf4a9e3ee089c93a97743a21e265d


    Code Sign
