SecuriteInfo[.]com[.]Trojan[.]NtRootKit[.]18405[.]3205[.]9028[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.NtRootKit.18405.3205.9028.exe
Size

885KB
MD5

00bafd50d935dd8f6b8d9345cec62173
SHA1

ec8d992ff7dcb4f88cdc2e16b9a26160fc837a4f
SHA256

a9306fddb2c91dcfd03b9c9678183246e14cd7cb1267b84b5ad987404bea6ae0
SHA512

184eb032fe7979603ed483e696b915473dc87a85c13d6f841f33ffa37e0b81bc64141a927fdb5dd4eef7ba0cedc92067340b948a7e958de1fb10c7dea46be676
SSDEEP

12288:VlrGd6xSFG5Rol03KqdDGsMh5KlK1AN0j4tRKRs/ODERPsmclvfIi7ifk3EQK9c:LadY5RAqYsMl1AO4tRKRs/eCPoifn9c

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.NtRootKit.18405.3205.9028.exe

Files

SecuriteInfo.com.Trojan.NtRootKit.18405.3205.9028.exe
.exe windows:4 windows x86

fb94f5614605db0251c63226b452da04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

kernel32

GlobalHandle
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSysColor

gdi32

GetSystemPaletteEntries

winmm

waveOutOpen

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyA

shell32

Shell_NotifyIconA

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ord17

ws2_32

WSAStartup

wininet

HttpOpenRequestA

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 772KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb94f5614605db0251c63226b452da04

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

wininet

comdlg32

Sections

.text Size: - Virtual size: 568KB

.rdata Size: - Virtual size: 110KB

.data Size: - Virtual size: 215KB

.rsrc Size: 104KB - Virtual size: 118KB

.vmp0 Size: - Virtual size: 393KB

.vmp1 Size: 772KB - Virtual size: 768KB

.text
Size: - Virtual size: 568KB

.rdata
Size: - Virtual size: 110KB

.data
Size: - Virtual size: 215KB

.rsrc
Size: 104KB - Virtual size: 118KB

.vmp0
Size: - Virtual size: 393KB

.vmp1
Size: 772KB - Virtual size: 768KB