SecuriteInfo[.]com[.]Trojan[.]MulDrop4[.]30132[.]1188[.]28769[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.MulDrop4.30132.1188.28769.exe
Size

937KB
MD5

220d3541ab76404977cf5b48de58516a
SHA1

c33151d347e1373de4b42f7b6a5bf9d146df6758
SHA256

d04abc20fa183e1ee64b10332bfacfe265b75a5d68f9178b5450a3021b6cd57d
SHA512

16ff4796b03571740c01961f2962082c42d2ecd172cf559edeb9239932796b9394af425d0df8cafacc54284815b6b5e4e104fff5751fd90a66d9a2dd1bc7961e
SSDEEP

24576:bab8txntAoLib4Vxp6fmwEH+O2plOy6q8U3Ip6CYJO8YNEc:bab8txnmb4DwaCr9tV3gm2Sc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.MulDrop4.30132.1188.28769.exe

Files

SecuriteInfo.com.Trojan.MulDrop4.30132.1188.28769.exe
.exe windows:4 windows x86

8f2b013cd3030e641fa539fbd4161b82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

kernel32

ExpandEnvironmentStringsA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetCapture

gdi32

SetViewportOrgEx

winmm

waveOutGetNumDevs

winspool.drv

ClosePrinter

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

LoadTypeLi

comctl32

ImageList_Destroy

ws2_32

getpeername

wininet

InternetCloseHandle

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 824KB - Virtual size: 823KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f2b013cd3030e641fa539fbd4161b82

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

wininet

comdlg32

Sections

.text Size: - Virtual size: 569KB

.rdata Size: - Virtual size: 97KB

.data Size: - Virtual size: 215KB

.rsrc Size: 104KB - Virtual size: 118KB

.vmp0 Size: - Virtual size: 441KB

.vmp1 Size: 824KB - Virtual size: 823KB

.text
Size: - Virtual size: 569KB

.rdata
Size: - Virtual size: 97KB

.data
Size: - Virtual size: 215KB

.rsrc
Size: 104KB - Virtual size: 118KB

.vmp0
Size: - Virtual size: 441KB

.vmp1
Size: 824KB - Virtual size: 823KB