General
-
Target
NEAS.46a53e18341b1ea47d5f82e612f607d0.exe
-
Size
1.3MB
-
MD5
46a53e18341b1ea47d5f82e612f607d0
-
SHA1
7bfcad724dbadf0c31f64ac67aac867ab6eeb27b
-
SHA256
2af4d68eb4eda3f7e9725c70434b02967a9a47f6f775fcd1753870a8d05fcfdb
-
SHA512
4b322c599c8993e7c03a28d938903528895584a184e937a73a983152dd2f920b14e9aae80af773c33d557a107b2a595c696eba2485dd3d7da4a8bda3306b3de3
-
SSDEEP
12288:BqF+VajSIZcbEtC8dbiPU8OXin1VMFR4en1oll37nfP3x3NQk2ILoHM:B2+VavSiC8duFOq25mlpXB9fpLo
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.46a53e18341b1ea47d5f82e612f607d0.exe
Files
-
NEAS.46a53e18341b1ea47d5f82e612f607d0.exe.sys windows:5 windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 958B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 592KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 697KB - Virtual size: 696KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ