SecuriteInfo[.]com[.]Trojan[.]MulDrop6[.]38104[.]20346[.]24404[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.MulDrop6.38104.20346.24404.exe
Size

1.0MB
MD5

0949b4c40e0bc27d3d6cd54e709b9771
SHA1

b4723ddb2e6b43bbd44cccca14833627c0189aa5
SHA256

5241b7988deede1cacd5b204feeaf4caefa71767f846d5c634123bec2fbaf97f
SHA512

b32c6ad4a04d5363e7e624652a1ce178d45135e23e5db433219057921dd2df5cebf0306bbf0e81a223ea83d5c8e300d728f26ccff593c2e083b808087e507a5c
SSDEEP

24576:aa5I7A4jlaHvCyLJcYL6ZoWzwmTeQ0XlmNfP4jrc:aa5Ik4jZ2GjiWzwmYXlmJsrc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.MulDrop6.38104.20346.24404.exe

Files

SecuriteInfo.com.Trojan.MulDrop6.38104.20346.24404.exe
.exe windows:4 windows x86

e1515efe5c41af06391031639a4dc54a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

kernel32

SetFilePointer
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetClipboardData

gdi32

ScaleViewportExtEx

winmm

midiStreamProperty

winspool.drv

OpenPrinterA

advapi32

LookupPrivilegeValueA

shell32

ShellExecuteA

ole32

OleUninitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

WSAAsyncSelect

wininet

HttpQueryInfoA

comdlg32

ChooseColorA

Sections

.text
Size: - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 537KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 932KB - Virtual size: 930KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e1515efe5c41af06391031639a4dc54a

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

wininet

comdlg32

Sections

.text Size: - Virtual size: 568KB

.rdata Size: - Virtual size: 110KB

.data Size: - Virtual size: 215KB

.rsrc Size: 104KB - Virtual size: 118KB

.vmp0 Size: - Virtual size: 537KB

.vmp1 Size: 932KB - Virtual size: 930KB

.text
Size: - Virtual size: 568KB

.rdata
Size: - Virtual size: 110KB

.data
Size: - Virtual size: 215KB

.rsrc
Size: 104KB - Virtual size: 118KB

.vmp0
Size: - Virtual size: 537KB

.vmp1
Size: 932KB - Virtual size: 930KB