NEAS[.]aea314699c2b6a66177aaab951126970[.]exe

General

Target

NEAS.aea314699c2b6a66177aaab951126970.exe
Size

77KB
MD5

aea314699c2b6a66177aaab951126970
SHA1

82d2324cd85540fa409c0ec5fc7822e5ca664878
SHA256

3bba3a8b3f1775919ee2779b082329bbef57524cfbf69a6eac4bbb531dd09065
SHA512

4dc0f76b952360648725c6a03ea678353fd1951e1d6195b45e9d300e3569cad1c8fb94c5dd01cc373d959ea735e0a269e46ed39ae7fc1094f29821a7c9ef6082
SSDEEP

1536:C3LSzdNhXSFTcft1xMEQhxYEnOSfeJYEocWkwVSuDRPBvZ:kWXhXSFTcf3SEoHnpeJYkWkwVXRPFZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.aea314699c2b6a66177aaab951126970.exe

Files

NEAS.aea314699c2b6a66177aaab951126970.exe
.sys windows:6 windows x86

65001321b480f54394e48e1b264407d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsGetCurrentProcessId
PsGetProcessImageFileName
IoGetCurrentProcess
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwClose
wcsncmp
ZwQueryObject
ZwDuplicateObject
ZwOpenProcess
ExAllocatePool
RtlInitUnicodeString
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
KeServiceDescriptorTable
MmIsAddressValid
MmGetSystemRoutineAddress
PsGetVersion
_stricmp
wcsstr
_wcslwr
RtlEqualUnicodeString
memset
MmUnlockPages
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
IofCompleteRequest
RtlAssert
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
RtlUnwind
_allmul
ObOpenObjectByPointer
KeDelayExecutionThread

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65001321b480f54394e48e1b264407d4

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 512B - Virtual size: 420B

.data Size: 512B - Virtual size: 808B

INIT Size: 1KB - Virtual size: 1KB

.vmp0 Size: 2KB - Virtual size: 1KB

.vmp1 Size: 53KB - Virtual size: 53KB

.reloc Size: 1024B - Virtual size: 628B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 512B - Virtual size: 420B

.data
Size: 512B - Virtual size: 808B

INIT
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 2KB - Virtual size: 1KB

.vmp1
Size: 53KB - Virtual size: 53KB

.reloc
Size: 1024B - Virtual size: 628B