ca7502cd02a0a170d9f4305c18410126_JC[.]bin

General

Target

ca7502cd02a0a170d9f4305c18410126_JC.bin
Size

6.6MB
MD5

2d8bcaf0f6ca6c446f38afe4b5226891
SHA1

2e9adfd4010b2eb69db37209a0c7d6b9ed58822e
SHA256

08ae76482597a50509400a12a8e3a2d890272eac14e791be1f41f95801114f42
SHA512

e03c622ca0fed4d899a959be6d243d7bc7f4120c65d2bab56506807832fa8739a9f3d3e02accbfc9086d485e3bf177f41c294b7d74de0b1451a223abfac5487c
SSDEEP

196608:Hm4pvwUfdFuZs4GgVBz9ldU6GXxbxL5vZTlu5:Hl5h6Z3z1U6kzL5vJlu5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/907ed7e8aa2058d9e4509c779c9525356965992271ade6991af8bd4bbcdee260.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/907ed7e8aa2058d9e4509c779c9525356965992271ade6991af8bd4bbcdee260.exe

Files

ca7502cd02a0a170d9f4305c18410126_JC.bin
.zip

Password: infected
907ed7e8aa2058d9e4509c779c9525356965992271ade6991af8bd4bbcdee260.exe
.exe windows x86

de8af78b3569eb79f0a43010a95e85a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

CreateServiceA

shell32

SHGetSpecialFolderPathA

setupapi

SetupDiGetClassDevsA

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 704KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

de8af78b3569eb79f0a43010a95e85a8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

setupapi

user32

Sections

.text Size: - Virtual size: 325KB

.rdata Size: - Virtual size: 42KB

.data Size: - Virtual size: 5KB

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 1KB - Virtual size: 1KB

.vmp2 Size: 6.4MB - Virtual size: 6.4MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 704KB - Virtual size: 744KB

.text
Size: - Virtual size: 325KB

.rdata
Size: - Virtual size: 42KB

.data
Size: - Virtual size: 5KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 1KB - Virtual size: 1KB

.vmp2
Size: 6.4MB - Virtual size: 6.4MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 704KB - Virtual size: 744KB